Trojans and RATs – CompTIA Security+ SY0-501 – 1.1

Trojans and Remote Access Trojans (RATs) are designed to take advantage of us when we’re least expecting a problem. In this video, you’ll learn about the methods that Trojan malware uses to infect our computers, and how RATs enable the bad guys to control nearly every aspect of our operating systems.


The malware that we call a Trojan horse takes its name from the Trojan War, where the Greeks used a fake horse to capture the city of Troy from the Trojans. The digital version of the Trojan horse is an application that pretends to be something other than malware in an effort to entice you into running it. It wants to run on your computer so that it can embed itself there. At that point, it is on your computer and can perform whatever functions it would like.

If your anti-virus or your anti-malware software is already aware of this Trojan horse software, it will be able to then stop it from executing even though you’re the one that initiated the process. Once this Trojan horse software gets inside of your computer, it has as much access to your system as you do. So this is a very easy way for malware to find its way inside of your computer with as little effort as possible.

Getting into your computer is simply the first step. At that point, the malware needs to open a door so that other software can come onto your computer, and that open door is a backdoor into your operating system. The attackers are not coming through the front, where you happen to be; they are opening a small hole in your operating system through which other applications, malware, and botnets can communicate directly with your computer.

These backdoors set themselves up with software that communicates to the outside of your network, effectively creating a way back in for other types of malware. One of the problems we have is that we are never quite sure whether the software we are using already has some type of backdoor built into it. Some very old Linux kernels, for example, had a backdoor written into their software. Even legitimate software that you download from a legitimate publisher may have a backdoor that was programmed in by some of their developers. Whether or not it was intended for debugging and troubleshooting purposes, it is a door that is now open and exposes everything else on your computer.

One category of Trojan horse that sets up a backdoor and provides administrative access to your computer is the remote access Trojan. These RATs are often downloaded along with other types of software, and once you execute that software, they embed themselves into your operating system. You might also see these referred to as Remote Administration Tools.

This allows a third party to gain unprecedented access to your computer. Once this malware is installed, it runs inside the operating system as a service, and the bad guys can simply connect with their client software and control many aspects of your computer. For example, they may set up a keylogger, so they will know everything that you type on the keyboard. They might be recording your screen or capturing screenshots. They can copy files from their computer to yours or from your computer to theirs. And of course, they can use this open door to install more malware onto your computer.
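The two traces a RAT installed as a service leaves behind, a new service running from an unexpected location and an outbound connection to an endpoint nobody has seen before, are exactly what a defender compares against a known-good baseline. The following is an added example, not code from the video or any product: it diffs a constructed "before" inventory of services against a constructed "after" snapshot and reports why each entry looks suspicious. All service names, paths and addresses are made up for the demonstration.

```python
"""Flag persistence and command-and-control indicators of a RAT running as a
service. Added example: every record below is constructed, not a real host."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Service:
    name: str
    binary: str              # path of the executable the service runs
    remote: Optional[str]    # "ip:port" of an established outbound connection, if any

# Constructed "known good" baseline captured before the incident
BASELINE = [
    Service("Spooler", r"C:\Windows\System32\spoolsv.exe", None),
    Service("wuauserv", r"C:\Windows\System32\svchost.exe", "198.51.100.10:443"),
]

# Constructed later snapshot: one extra service living in a user-writable folder
# that holds a connection to an address the baseline never saw
CURRENT = BASELINE + [
    Service("WindowsUpdateHelper",
            r"C:\Users\alice\AppData\Roaming\upd.exe",
            "203.0.113.7:5555"),
]

# Directories where legitimately installed service binaries normally live
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\program files")

def find_suspicious(baseline: List[Service], current: List[Service]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for every service that deviates from the baseline."""
    known_names = {s.name for s in baseline}
    known_remotes = {s.remote for s in baseline if s.remote}
    findings = []
    for svc in current:
        reasons = []
        if svc.name not in known_names:
            reasons.append("service not present in baseline")
        if not svc.binary.lower().startswith(SYSTEM_DIRS):
            reasons.append("binary runs from outside system/program directories")
        if svc.remote and svc.remote not in known_remotes:
            reasons.append(f"outbound connection to unknown endpoint {svc.remote}")
        if reasons:
            findings.append((svc.name, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in find_suspicious(BASELINE, CURRENT):
        print(name)
        for reason in reasons:
            print("  -", reason)
```

On a real host the two inventories would come from the service manager and the socket table (for example `sc query` and `netstat -ano` on Windows), taken once when the system is known to be clean and again during the investigation; the comparison logic stays the same.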

I installed the DarkComet RAT onto a couple of test systems that I have. I don’t recommend doing this on a production system. I set up separate virtual machines in a completely isolated system to be able to install this malware. And as you can see, the DarkComet RAT allows the end user to look at the System Information on this computer. It can look at and perform scripts, transfer files, look at stored passwords, or even listen to the microphone or view what’s happening on your webcam, all from this single administration front end.

One way to prevent these remote access Trojans from being installed is to really examine the software that you’re installing on your computer. This is not a situation where you can trust anything that you download from the internet. You really need to make sure you know what’s being installed.
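Knowing what is being installed starts with confirming that the installer you downloaded is the one the publisher actually shipped. The following is an added example, not from the video: it checks a download against a SHA-256 line in the `sha256sum` format that many publishers post, hashing the file in chunks and comparing the digests in constant time. The installer bytes and the checksum line are constructed stand-ins; a real check would read the checksum from the vendor's page, ideally over a separate channel from the download itself.

```python
"""Verify a downloaded installer against a publisher-listed SHA-256 before
running it. Added example with constructed data, not a real package."""
import hashlib
import hmac
import io
from typing import Optional

CHUNK = 64 * 1024

def sha256_of(data: bytes) -> str:
    """Hash in chunks so a large installer never has to sit in memory at once."""
    digest = hashlib.sha256()
    stream = io.BytesIO(data)          # stands in for an open file handle
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        digest.update(chunk)
    return digest.hexdigest()

def expected_hash(checksum_text: str, filename: str) -> Optional[str]:
    """Pull the hash for `filename` out of sha256sum-style lines ("<hex>  <name>")."""
    for line in checksum_text.splitlines():
        parts = line.split()
        # sha256sum marks binary-mode files with a leading '*' on the name
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            return parts[0].lower()
    return None

def verify_download(data: bytes, checksum_text: str, filename: str) -> bool:
    """True only if the publisher listed this file and the digest matches."""
    wanted = expected_hash(checksum_text, filename)
    if wanted is None or len(wanted) != 64:
        return False
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(sha256_of(data), wanted)

# Constructed stand-in for the downloaded installer (not a real executable)
INSTALLER_BYTES = b"MZ" + b"\x00" * 2048 + b"constructed installer body"
# Same file with a single byte appended, as a repackaged copy might differ
TAMPERED_BYTES = INSTALLER_BYTES + b"\x90"
# Constructed checksum line, in the form a publisher would post it
PUBLISHED_CHECKSUMS = sha256_of(INSTALLER_BYTES) + "  setup.exe\n"

if __name__ == "__main__":
    print("genuine:", verify_download(INSTALLER_BYTES, PUBLISHED_CHECKSUMS, "setup.exe"))
    print("tampered:", verify_download(TAMPERED_BYTES, PUBLISHED_CHECKSUMS, "setup.exe"))
```

A hash only proves the file matches what the publisher listed; it says nothing about whether the publisher's own build was clean, which is the backdoor-in-legitimate-software problem described earlier.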

Make sure that your anti-virus and your anti-malware are always up to date. Those signature updates are something that I update every hour; you might want to, at a minimum, set these to be updated every day. You also want to make sure that you have a backup. If this malware does get onto your computer, it may be very difficult to remove it from your operating system, and it might be easier to simply restore from a known good backup.