RATS- Overview,Types and Countermeasures
|
RAT stands for “Remote Administration Tool”. It’s very similar to a Trojan. Once a RAT is installed in a computer the attacker can do almost anything on the remote computer such as installing a keylogger, controlling a computer, infecting files etc.. Some of the commonly used rats are ProRat, Cybergate and many more. Below is the brief description of ProRat and how to use it ? plus some countermeasures from getting hacked by it.
PRORAT- My Favorite
ProRat is a Remote administration tool (RAT). ProRat opens a port on infected computer which allows the client to perform various operations on the infected computer. Once ProRat is installed on a computer it’s very difficult to remove it without an updated Antivirus program. Below I will show the procedure which a hacker will take to take control of victims computer using ProRat.
1. First of all download ProRat. The password of the zip file will be “Pro”.
2. Disable your Antivirus before using ProRat and Once you have downloaded it launch the program. You will see the following screen below:-
3. Click on the Create button at bottom to create the Trojan file and choose the Create ProRat server.
4. Put your IP address in the IP(DNS) Address box so the server could connect you.
5. Now open Notifications at the sidebar and select the second option “Mail
Notifications”.Here you will an email address “bomberman@yahoo.com” change this to the email address where you want to receive notifications when the server is installed into your victims computer.
6. Now click on the General Setting option. Enter the server port you would like to connect through. Enter the server password, you will be asked for server password when the victim gets infected and you would like to connect to them and then choose the victim name. You can also tick the “Give a fake error” message option when the victim will open the server he will get a fake error message which you configure making victim think that the file is damaged or corrupted.
7. Click on Bind with file on the sidebar. You can bind it with a text document or any other file you may increase chances of victim to click it.
8. Now Click on Server extensions option. Here you can change the desired extension. I will use EXE because it has Icon support or you can also use SCR too it also has icon support too.
9. Now Click on server Icon and choose the desired icon you would like to display for the server and click on Create server.
Now you have successfully created a server. The hacker could rename it something like “Funny joke” and sent it via email attachment or alternatively the hacker could upload it to webhosting site and just ask the victim to manually download it. Once the victims runs the
server on his/her computer he will get an error message which I configured in the general settings tab.
The server gets installed silently in the computer background and the hacker will be sent a notification to the email address he described in the notification tab whenever the victim is infected.
Countermeasures
There are a couple things you can do to prevent yourself from being infected by the malware discussed in this post.
1. Make sure you have good and up-to-date anti-virus software installed on your computer. Also if there is an automatic update option on your anti-virus software, make sure it is enabled.
2. Make sure you have a firewall installed on your computer and make sure that it is actually enabled. Firewalls protect against unauthorized inbound and outbound connections.
Thanks!
Join me on Google+
|
Respected Readers :-
|
E njoyed this post very much – So why not you Subscribe to our regular Email Updates ! and stay connected with us forever .
ProRat is password protected... Pls give out the password.
ReplyDeletethe password for it is "pro" with the quotation marks...!!!
Deletewithout quotation marks
ReplyDelete