Remote Administration Tools – Emerging Threats

We are not talking about the rodents. RAT stands for Remote Administration Tools. While the intentions behind creating such tools was to offer remote support, they are now being increasingly used to spy on others, as well as to control the behavior of others’ computers. A RAT is a boon when you cannot figure out some problem you are facing and the technical support takes over your computer to fix the problem. A RAT is a bane when you do not know all your data is available to “someone” “somewhere” on the globe.

Remote Administration Tools – RATs

Windows too provides remote assistance. If you do not feel the need for a Remote Administration Tool software and want to protect your computer, you start with unchecking the “Allow Remote Assistance connections to this computer” under Remote in System Properties dialog box that appears when you right-click Computer icon and then select Properties from the resulting context menu. If you need remote assistance, you can ask for it, and enable or disable some of the settings as advised by the technical support.

Remote Administration Tools - Windows 7

Though I have mentioned Windows above, I am not limiting the problem/dangers of Remote Administration Tools to any particular operating system. It can be any operating system where someone installed RAT component on your computer or your smartphone – with or without your knowledge. There are different types of RAT software and one or more might be supported by your operating system. The use of Remote Administration Tools is not limited to heavy computers. They are also available for smartphones – again to see what you are doing, your location, your contacts etc.

What Can A RAT Do – Dangers

The Wikipedia has a page on remote administration tools and it associates RAT to criminal activities rather than projecting it as tools helpful in remote administration. I also checked out the website of a reputed RAT software. It too talks about spying on others’ computers and phones.

Ever vigilant, the folks at FireEye have discovered a new RAT breed, evolved from the legal, proprietary WinSpy software. WinSpy is blatantly marketed as a monitoring software that will let you “Start Spying on any PC or Phone within the Next 5 minutes.” Certainly, this is a RAT that walks the legal line. FireEye has discovered, however, that WinSpy has been combined with a Trojan installer to target financial institutions, says Emsisoft.

If you visit the WinSpy home page, your IE smart screen will throw up a warning!

Going by this, it seems that dangers of RAT are more compared to the benefits. On the benefit side, I can see only option of remotely connecting to a clients. Of course there are many things a RAT can do:

  1. Watch whatever is being displayed on the host computer(s)
  2. Transfer files/data to/from the host computer(s)
  3. Control the computer using shell commands
  4. Capture images when motion is detected
  5. Send location of the computer to a remote controlling device (the RAT client)

The above is not a complete list of what a remote administration tool can do. But these five points can tell you the extent to which you are vulnerable. If you are buying one of these RATs for own purpose such a children monitoring and/or to see how an employee is using his or her computer, you may be pleased with the performance of these types of software. But when you are a subject in such an environment, the RAT is collecting your details and sending them to someone somewhere in the world who may later misuse the data or render your computer useless after scanning all the data he or she wants.

Prevent Illegal Use Of RATs

1] Be careful while opening emails from unknown senders and especially while clicking on attachments

2] Use a strong user log-in password, as RATs can be physically installed and hidden when you are away from your computer.

3] Most of the times, it is installed using a Trojan. Naturally, you will need a good anti-malware software to detect and isolate the Remote Access Trojan before it can install any kind of script on to your computer.

4] If some RAT software is being  installed on your corporate device, check out the type of tasks the remote administration tools can do. That will help you stay on guard.

5] If you don’t use RATS, disallow Remote Assistance connections to your computer as mentioned above.

6] Always use an up-to-date and patched operating system to reduce chances of drive by RAT downloads.

Now read: How To Avoid Being Watched Through Your Own Computer.

Do share if you have anything to add about this new emerging threat from Remote Administration Tools.

Posted by on , in Category Security with Tags

Arun Kumar is a Microsoft MVP alumnus, obsessed with technology, especially the Internet. He deals with the multimedia content needs of training and corporate houses. Follow him on Twitter @PowercutIN