Story

Cyber criminals & FUD RATS: The world of delivering malware and creation of botnets

Remote administrations tools a.k.a RATS are used by hackers to gain acces to computer systems. RATS are programs that allow remote operators to control a system as if the operator has physical acces to the system.

In this post i will be focussing on the use of Remote Administration Tools by criminals. Malicious RAT software is typically installed without the victims knowledge. The RAT provides a backdoor to the hacker.

Once malicious remote administration tools are installed the attacker has multiple priviliges. The attacker can use this priviliges to spread the backdoor to your friends and business networks. The anti-virus companies are not making it easy for attackers to use remote administration tools. Malicious remote administration tools have malicious code in it. These malicious codes have their own signatures. These signatures are passed to anti-virus software before they are executed on the victim pc. But, cyber criminals are not stupid either, they use ways to encrypt their malicious remote administration tools.

Crypters

In the hacker world the malicious remote administration tools get protected by a CRYPTER software. Crypter software will encrypt and change the signature of the malicious remote administration tools - resulting in a negative anti-virus report. Once a RAT is crypted the RAT can bypass anti-virus and firewalls.

Watch out when you are going to download Crypters as the most of them will have RATS installed in them.

 

Typical RAT options:

  1. Screen and camera capture
  2. Image control
  3. File management
  4. Shell control
  5. Computer control
  6. Registry management

Hackers are able to use these Remote Administration tools to do the following:

  1. Block mouse and keyboard
  2. Change your desktop wallpaper
  3. Download, upload, delete and rename files
  4. Drop viruses and worms
  5. Edit registry
  6. Format drives
  7. Grab passwords from your browser
  8. Grab passwords from your system
  9. Grab creditcard credentials
  10. Hijack your homepage
  11. Hide desktop icons, taskbars and files.
  12. Implement keyloggers
  13. Administrate your CD/DVD player
  14. Overload the RAM/ROM drive
  15. Print text
  16. Play sounds
  17. Record sounds with a connected microphone
  18. Record video with a connected webcam
  • Share the virus with your network.

Famous RATS on the internet

There are some RATS that are famous in the hacking scene. I will be addressing the Cybergate and Darkcomet RATS.

These RATS all have their own website were the products are being provided. Hackers often release these RATS on other websites with malware in it.

Only download the RATS from their official home pages.

[Paid] Cybergate RAT

CyberGate is an advanced remote control solution. It is designed to control a large number of servers, in order to allow the administrator to easily control his network. CyberGate is only available for now for Windows platforms as a Native application, without requiring any Framework (such as .NET), Virtual Machine (such as Java Virtual Machine) or any Extra Dynamic Link Libraries or shared libraries being a step forward on innovation and an advantage over other applications on the market that have reduced installation and usability.

  • Client and Servers programmed in Delphi/Pascal
  • Access and Administrate Computers from Anywhere
  • Remote Customer Support
  • Telecommuting
  • Remote Access and Communication
  • Remote File Management
  • Remote System Activity Management
  • Password Recovery
  • Remote Shell (Command Interpreter)
  • Web Downloader (HTTP)
  • Screen Viewer
  • Bandwidth Limiter
  • Proxy Tunneling
  • Reverse Socks 4/5 Proxy Server
  • Local Applications Proxifier
  • Data Transferring

Website Cybergate RAT: http://www.cyber-software.org

[Free] DarkComet RAT

DarkComet is a remote administration tool that is being used by hundreds of thousands of people worldwide. The users describe DARKComet-RAT as one of the very best around. The DarkComet RAT is free to download. It is totally free to use and allows the user to control multiple remote machines at the same time using hundreds of functions.

DarkComet is considered one of the most stable RAT's on the internet.

  1. Control one to thousands of Computers at the same time in full transparency and without disturbing the remote user.
  2. Control the system without using the Screen Capture, then the remote user won't be disturb by your control (you can manage process, registry, startup, services, windows, hosts file, privileges etc...).
  3. Gather important information about the remote computer (space, name/domain, ip lan/wan, mac addr, sid, updates etc...).
  4. Recover and read/ manager all stored password (Google chrome, Opera, Mozilla FireFox, Windows RAS, MSN Messenger, Miranda..).
  5. Watch the desktop in full streaming with previous image comparison to avoid sending the same picture all the time, you can control the mouse and the keyboard (also switch monitors).
  6. View remote Webcams in full streaming (support all plug and play webcams like MSN Messenger or Skype).
  7. Capture the microphone if present in full streaming and very fast/ smooth. You also can send your voice to the remote computer.
  8. Use the embedded Keylogger to record each strokes of the remote computer (even special characters and key merging).
  9. Manage the network very simply without installating third part programs (Port scan, view ports, download execute, network shares, Socks proxies etc...)
  10. Test the security of your websites against DDOS using the embedded HTTP Flood (very powerfull) Syn Flood and UDP Flood.
  11. Enjoy using hundreds of functions and thousands of possibilities of probably the best RAT available and FREE.

Download DarkComet http://www.darkcomet-rat.com/

Don't become part of a Botnet

A botnet is a collection of compromised computers, each of which is known as a 'bot', connected to the Internet. When a computer is compromised by an attacker, there is often code within the malware that commands it to become part of a botnet. The "botmaster" or "bot herder" controls these compromised computers via standards-based network protocols such as IRC and http.

How to defend yourself

The solution for defending yourself is easy but you need to have discipline. You can only defend yourself against these attacks if you follow these rules:

1. Don't download files that you do not know or trust. If you decide to download them use the official website to download the files.

2. Have a active firewall and updated anti-virus software ENABLED.

3. Don't click on links that you don't know.

4. Don't work with an administration account - create a sub account for desktop use and use the administrator account to install and remove software.

5. Use virustotal to scan small files (32MB max).
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.

Here you can find 100 security tips and the following link provides a massive list with FREE security tools. I hope you enjoyed the post.