Word of the Day: RAT (remote access Trojan)

October 01, 2009 Published by WhatIs.com Word of the Day Overheard in the Blogosphere: Contact us - editor@whatis.com "In an even more sophisticated ploy, the Trojan altered the victim's online banking page to change the amount of the transfer to a smaller number. In one transaction, the cybercriminals stole more than $8,000, but to the victim, it appeared like a $53 transaction." Angela Moscaritolo Issue Sponsored By: > SearchServerVirtualization.com IN THIS ISSUE: > Word of the Day: RAT (remote access Trojan) > Learning Center > Recent Additions and Updates ADVERTISEMENT Server Virtualization: Getting Started Guide This guide introduces you to server virtualization, explains best practices and pitfalls to avoid and provides troubleshooting help and advice. You'll find virtualization articles, definitions, tips, white papers, expert advice and more to pump up your server virtualization know-how quickly. Access the guide today! TODAY'S WORD RAT (remote access Trojan) A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet. Because a RAT enables administrative control, it makes it possible for the intruder to do just about anything on the targeted computer, including: Monitoring user behavior. Accessing confidential information, such as credit card and social security numbers. Activating a system's webcam and recording video. Taking screenshots. Distributing viruses and other malware. Formatting drives. Deleting, downloading or altering files and file systems. RATs can be difficult to detect because they usually don't show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn't alert the user that something's amiss. To protect your system from RATs, follow the same procedures you use to prevent other malware infections: Keep antivirus software up to date and refrain from downloading programs or opening attachments that aren't from a trusted source. At the administrative level, it's always a good idea to block unused ports, turn off unused services and monitor outgoing traffic. MORE INFO: > Roger A. Grimes wrote a comprehensive guide on how to detect and exterminate RATs. > Ed Hurley explains why RATs warrant attention. LEARNING CENTER Secret Word Perhaps the most infamous RAT is Back __________. It was demonstrated at a conference in 1998 by a hacker group called Cult of the Dead Cow. What's the secret word? a. Pocket b. Orifice Answer Acronym Challenge Some malicious RATS include a specially crafted RPC to trigger the malware's payload. What does RPC stand for? Answer Tech Trivia What type of malware might a RAT include to gather passwords? Answer Writing for Business According to some experts, RATs are the most dangerous creatures to _________________ a. come down the pipe. b. come down the pike. Which is correct? RECENT ADDITIONS AND UPDATES Has your system been hacked? Ed Skoudis explains how to use built-in Windows commands to determine if an intruder has found his way into your system. PCI compliance requirement 5: Antivirus Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 5: "Use and regularly update antivirus software." How can search results lead to malware? Expert Sherri Davidoff explains how attackers are injecting malicious pages into search results. Spyware Protection and Removal Tutorial Get our free resources that explain what spyware is, how it attacks and what you can to do to win the war. CONTACT US Sales For sales inquiries, please contact us at: bmcgovern@techtarget.com Editorial For feedback about any of our articles or to send us your article ideas, please contact us at: Editor@whatis.com ABOUT THIS E-NEWSLETTER This e-newsletter is published by WhatIs.com, part of the TechTarget network. TechTarget provides IT professionals with the resources they need to perform their jobs: Web sites, newsletters, forums, blogs, white papers, webcasts, events and more. Copyright 2009 TechTarget. All rights reserved. Designated trademarks and brands are the property of their respective owners. Unsubscribe requests may take up to 24 hours to process; you may receive additional mailings during that time. A confirmation e-mail will be sent when your request has been successfully processed. Please note, this will not affect any other subscriptions you have signed up for. Contact Us: WhatIs.com Member Services 117 Kendrick Street, Suite 800 Needham, MA 02494 Contact: Webmaster@techtarget.com When you access content from this newsletter, your information may be shared with the sponsors or future sponsors of that content as described in our Privacy Policy: PRIV LINK