Authors
Mirdul Sharma, Ranjeet K. Singh
Abstract
A RAT (Remote Access Trojan) is malware that lets an attacker control a compromised system remotely and creates backdoors to steal data, use the target system for illegal purposes, and so on. A RAT is always installed without the victim's knowledge, through channels such as e-mail, free online app distribution, torrents, chat messengers and many other means. A RAT usually hides its processes from the victim and from security software (antivirus, firewall). It usually works as a server component that runs undetected and listens on TCP/UDP ports on the infected machine. Once installed, a RAT carries out its unexpected or unauthorized activities and uses a range of methods to conceal its tracks, so that it stays undetected and remains on the infected system for a long time. The main objective of this paper is to provide awareness about remote access Trojans, how to detect them, and how to stay protected. A RAT is zombie malware that sits on your system unassumingly, waiting for you to enter sensitive details such as passwords, e-mail accounts, internet banking logins and more. In this paper I show how to disinfect an infected or compromised system and how to work safely on the internet to stay away from RATs. But as we all know, prevention is better than cure, so I also show some methods to stay protected from these types of malicious programs, which can be very dangerous for an individual as well as for society.
Keywords: RAT, Compromised system, infected system, remote access Trojans, TCP/UDP, Malware
Introduction
Remote Access Trojans (RATs) are malicious pieces of code, frequently embedded in legitimate programs through RAT infection techniques. A Trojan horse cannot run unless the user of the system gives the initial approval: because it is an executable file, someone must run it on the system for it to start working. The Trojan horse is therefore made to look like a legitimate program to the user. If the user does not run the executable on the system, the attacker has no way to gain access to it. A typical RAT consists of a server component running on the compromised machine and a client program that acts as the interface between the server and the attacker. The client establishes communication with its corresponding server once the IP address and port of the latter become available through feedback channels. Working through the RAT server, an attacker can record keystrokes, capture passwords, manipulate file systems, and usurp the resources of victim systems. RATs provide an ideal mechanism for spreading malware, including viruses, worms, backdoors and spyware. Compromised machines are regularly used for distributed denial-of-service attacks.
Trojan detection methods fall into two categories: signature-based technology and dynamic monitoring of TCP/UDP ports. The best option for staying away from RATs is to verify every piece of software before installation against a priori known program signatures. This, however, is infeasible, because a complete database of known program signatures is isolated or unavailable. The polymorphic nature and parasitic mechanisms of RATs make them difficult to identify. Network-based methods follow a different philosophy: they inspect both the status and the activity of TCP/UDP ports to check for any deviation from expected network use. Abnormal behavior and malformed network messages can be detected by monitoring port access patterns and by examining the protocol headers of packets exchanged among systems. This paper proposes a systematic framework for identifying and managing known RATs that uses network-based detection methods. The main objective of this paper is to improve the reliability and accuracy of the detection process.
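The port-monitoring idea described above, as an added example that is not taken from the paper: it compares a snapshot of listening TCP/UDP sockets against a baseline of expected listeners and reports deviations. The baseline, the process names and the snapshot (laid out like `ss -H -tulnp` output) are constructed for illustration.

```python
# Added example: flag listening TCP/UDP sockets that deviate from a baseline.
# SAMPLE_SNAPSHOT is constructed data in the column layout of `ss -H -tulnp`.
import re

# Hypothetical baseline of expected listeners: (protocol, port) -> process name.
BASELINE = {("tcp", 22): "sshd", ("tcp", 443): "nginx", ("udp", 53): "named"}

SAMPLE_SNAPSHOT = """\
tcp   LISTEN 0 128  0.0.0.0:22     0.0.0.0:*  users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 511  0.0.0.0:443    0.0.0.0:*  users:(("nginx",pid=1040,fd=6))
udp   UNCONN 0 0    0.0.0.0:53     0.0.0.0:*  users:(("named",pid=655,fd=512))
tcp   LISTEN 0 5    0.0.0.0:8765   0.0.0.0:*  users:(("updater",pid=4321,fd=4))
tcp   LISTEN 0 128  [::]:443       [::]:*     users:(("svchelper",pid=4410,fd=7))
udp   UNCONN 0 0    0.0.0.0:40404  0.0.0.0:*
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_listeners(snapshot):
    """Yield (proto, port, process) per socket line; process is None if absent."""
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skip blank or unrelated lines
        # Local address is the 5th column; rsplit also handles IPv6 ([::]:443).
        port = fields[4].rsplit(":", 1)[-1]
        if not port.isdigit():
            continue
        match = PROC_RE.search(line)
        yield fields[0], int(port), match.group(1) if match else None


def find_deviations(snapshot, baseline):
    """Return listeners on unexpected ports or owned by an unexpected process."""
    findings = []
    for proto, port, proc in parse_listeners(snapshot):
        expected = baseline.get((proto, port))
        if expected is None:
            findings.append((proto, port, proc, "port not in baseline"))
        elif proc != expected:
            findings.append((proto, port, proc, f"expected process {expected}"))
    return findings


if __name__ == "__main__":
    for finding in find_deviations(SAMPLE_SNAPSHOT, BASELINE):
        print(finding)
```

A listener on a baseline port owned by a different process is reported as well as a listener on an unknown port, since a server component can bind to a port that looks ordinary.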
How to cite this article?
APA Style | Sharma, M. (2019). A Study on RAT (Remote Access Trojan). Academic Journal of Forensic Sciences, 02(02), 08-15. |