- Remote administration tool
A remote administration tool (RAT) is used to connect to and manage one or more computers remotely, using a variety of tools such as:
* Screen/camera capture or control
* File management (download/upload/execute/etc.)
* Shell control (usually piped from command prompt)
* Computer control (power off/on/log off)
* Registry management (query/add/delete/modify)
* Other product-specific functions
Direct Connection
A direct-connect RAT is a simple setup in which the client connects directly to one or more servers. Stable servers are multi-threaded, which allows multiple clients to be connected at once and increases reliability. The diagram below illustrates the concept (func = function):
[Diagram: two [Client] nodes joined by lines to one [Server], with a third [Client] joined to the same [Server].]
Reverse Connection
Reverse-connection RATs are a new technology that came around at about the same time that routers became popular. A few advantages of a reverse-connection RAT are listed below:
* No problems with routers blocking incoming data, because the connection is started as an outgoing one by the server
* Allows for mass-updating of servers by broadcasting commands, because many servers can easily connect to a single client.
A diagram is shown below (note that it is basically the reverse of the direct-connection type of RAT):
[Diagram: three [SERVER] nodes, each with its functions (Func), joined by lines to one [CLIENT].]
RAT Trojan Horses
Many trojans and backdoors now have remote administration capabilities that allow an individual to control the victim's computer. In many cases a file called the server must be opened on the victim's computer before the trojan can gain access to it. These files are generally sent through email, P2P file-sharing software, and internet downloads, and are usually disguised as a legitimate program or file. Many server files display a fake error message when opened, to make it seem as though the file did not open. Some also kill antivirus and firewall software. RAT trojans can generally do the following:
* Download, upload, delete, and rename files
* Format drives
* Open CD-ROM tray
* Drop viruses and worms
* Log keystrokes
* Hack passwords, credit card numbers
* Hijack homepage
* View screen
* View, kill, and start tasks in task manager
* Hide desktop icons, taskbar and files
* Print text
* Play sounds
* Randomly move and click mouse
* Record sound with a connected microphone
* Record video with a connected webcam
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack. They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons. However, they can be quite hard to remove.
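The direct and reverse connection models described above leave different traces in network flow logs, which the following added example (not part of the original article) uses for detection: a direct-connect server shows up as an inbound connection to an internal listener, while reverse-connection servers show up as several internal hosts calling out to one external endpoint. The internal address range, the allowlists, the fan-in threshold and the flow records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this sketch: internal range and lists of expected services.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
EXPECTED_INBOUND = {("10.0.0.5", 443)}      # a published web server
KNOWN_EXTERNAL = {("203.0.113.10", 443)}    # an approved outbound service

# Constructed flow records: (initiator, responder, responder_port)
FLOWS = [
    ("198.51.100.7", "10.0.0.5", 443),    # expected inbound to the web server
    ("198.51.100.9", "10.0.0.23", 5110),  # inbound to a workstation listener
    ("10.0.0.21", "203.0.113.10", 443),   # approved outbound service
    ("10.0.0.21", "192.0.2.44", 8080),
    ("10.0.0.22", "192.0.2.44", 8080),
    ("10.0.0.23", "192.0.2.44", 8080),
    ("10.0.0.24", "192.0.2.99", 443),     # one host only, below the threshold
]

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def direct_style(flows):
    """Internal listeners reached from outside that are not published services."""
    return sorted({(dst, port) for src, dst, port in flows
                   if not is_internal(src) and is_internal(dst)
                   and (dst, port) not in EXPECTED_INBOUND})

def reverse_style(flows, min_hosts=3):
    """External endpoints that several internal hosts call out to (fan-in)."""
    callers = defaultdict(set)
    for src, dst, port in flows:
        outbound = is_internal(src) and not is_internal(dst)
        if outbound and (dst, port) not in KNOWN_EXTERNAL:
            callers[(dst, port)].add(src)
    return {ep: sorted(hosts) for ep, hosts in callers.items()
            if len(hosts) >= min_hosts}

if __name__ == "__main__":
    print("direct-style listeners:", direct_style(FLOWS))
    print("reverse-style fan-in:", reverse_style(FLOWS))
```

Fan-in alone also matches legitimate shared services, so the allowlist has to reflect what the network actually uses before the output is treated as an alert.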
Popular RAT Software
* Bifrost
* Bandook
* [http://www.bo2k.com BO2K]
* ProRAT
* SpyRAT -> 1st
* HackRAT -> 2nd
* Netbos
* Optixe
* AutoSpY -> 3rd
* Nclear
* Amituer
* Bandk
* Yuru RAT
* Y3k RAT
* slha RAT
* Openx RAT
* Poison Ivy RAT
* SubSeven RAT
* Nuclear RAT
* NetBus RAT
* ProRAT
Popular RAT pranks
* [http://www.errmess.com ErrMess Remote Computer]
* [http://www.officepoltergeist.com Office Poltergeist]
Wikimedia Foundation. 2010.