Remote Administration Tool Attacks And How They Affect You

The Internet is a scary place once again.  If you’re not prepared to run the gauntlet of attacks aimed at your precious PC, there could be dire consequences.  Updates and Anti-Virus/Anti-Malware software will help you stay clean and free of some of these buggers.  With drive-by viruses, RATs, zero-days, and a plethora of others at attackers’ disposal, you have to know what you’re up against to stand a fighting chance.  Remote Administration Tool attacks are among the nastiest to fight, remove, and protect yourself from.  Below we will look at some unfortunate examples of the aftermath of RATs and then at what we can do to keep ourselves safe.  These types of stories are becoming increasingly frequent.  Maybe together we can spread awareness.

When RATs Attack!


One of the saddest RAT attacks in recent news was that of Hector Hernandez.  A naive 17-year-old high school student, Hector contracted a RAT which allowed the bad guys to record his webcam and lie in wait until they had recorded enough material to confront him with.  According to Mr. Hernandez, the hackers contacted him through his Facebook page and demanded money, or they would release a recorded video of him to the internet.  Hector said that the material they had on him was so bad that he couldn’t bring himself to tell his parents or the police and instead tried to come up with the money.  Finding the first $300 they demanded was tricky enough for a high schooler.  Then they requested an additional $1100, which Hector had almost no way of getting hold of.  But since the recordings were so embarrassing, he pawned off over $100,000 in valuable family jewels and items, for which he received only about $1500.  He then sent the $1100 to an address in the Philippines in hopes that this would all go away.  Then the attackers took the next logical step and asked for even more cash.  At this point, poor Hector couldn’t drum up any more money and had to resort to telling his parents and then the police.  Fox Detroit had an interview with Mr. Hernandez which is linked below.

EMBEDDED RATS SCURRY UNDETECTED


In a brazen attack that has left many across the world infected without even knowing it, a hacking group known as TeamSpy “borrowed” the code for the popular remote desktop tool TeamViewer and patched in a little of their own.  This left a fully functional TeamViewer application with some added goodies.  The TeamSpy group added the ability to take screenshots, enable keylogging, enable mic and webcam recording, record iTunes info, pull detailed info from your BIOS, run IP trackers that reveal internal LANs, and a few others.  Kaspersky put out a 48-page PDF on the hacked software for all to read.  The biggest reason this was a legitimate threat was the following, which Kaspersky Labs reported: “This application is signed with legitimate digital certificates and is used by more than 100 million users around the world. To avoid alerting the user that somebody is spying on him, the attackers dynamically patch [the program] in memory to remove all signs of its presence.”  In other words, you have all of the above working in conjunction to take all of your personal information and relay it back to their servers without you even knowing.  Among those affected was the Ministry of Foreign Affairs of Uzbekistan, which was a major intrusion into their system.  Most of these infections were caused via the “drive-by” method or basic Java and Adobe security vulnerabilities.

HOW DO WE KILL THE RATS???


What can we do to defend our computers and information from all of these different types of Remote Administration Tool attacks?  There are multiple schools of thought on answering this and several different ways to approach it.  I prefer a four-pronged approach:

1) Be Guarded – In sports they say the best offense is a good defense, which rings true in the PC world.  If you have your defenses in place, it would take the work of a very skillful hacker to wreak havoc on your system.  Having a quality anti-virus that is live scanning is the best bet.  Ones such as Avast, Microsoft Security Essentials, and Trend Micro are great first defenders.  Having a live anti-malware scanner such as the paid version of Malwarebytes, which plays nice with any of the AVs mentioned above, is a very good item to have.  If not the full version, the free version will help you get rid of the baddies as well as scan downloaded files before running or opening them.  A great free registry watcher such as Spybot S&D is another great piece of the PC defense.  Spybot’s free version will alert you if registry settings are being changed or added.

2) Be Updated – Since the majority of hacking software is made to take advantage of security holes, keeping your Java, Windows, Adobe, and other “net” programs up to date is one of the best defenses.  Don’t let your browser get too outdated either.  Keep your Anti-Virus/Anti-Malware/Anti-Config programs up to speed so they can do their job effectively.  Either set Windows to auto-update or make sure to take care of checking and installing updates monthly.

3) Be Informed – I haven’t run out of cliché sayings just yet: an informed consumer is a prepared consumer.  Knowing what is out there and how it tries to bait you or attack you can be invaluable.  I haven’t clicked on a pop-up “OK” or “Cancel” window in a solid decade.  The three-finger salute of Ctrl+Alt+Del takes out that window.  Reading up on sites such as this one can give you the information you need to avoid serious data or identity loss.

4) Be Safe – Safety in your internet and email programs can seem like a novel idea, but put into practice it can save you more times than not.  Don’t open email attachments from unknown sources, and make sure to analyze ones that come from known addresses, as many Yahoo, Hotmail/Live, and Gmail accounts are being hacked daily to help spread viruses and general malware.  To avoid phishing scams that seem to be from legit senders, scan over the email headers to see where it really came from and where it is really going back to when you hit “Reply”.  SiteAdvisor is another free program I have been pushing for a couple of years now.  It installs on both IE and Firefox, and upon a Google/Bing/Yahoo search will show you ratings for each item returned in easy-to-understand colors and stars.  It is very helpful when searching for new sites you haven’t been to yet, as it will inform you if they have been reported for anything by the community.
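The header check described in point 4, as an added example that is not code from the original post: it parses a constructed phishing-style message and reports when the Reply-To or envelope-sender (Return-Path) domain differs from the visible From, and which host handed the message in first.  Every address and host in the sample is made up.

```python
"""Inspect an e-mail's headers to see where it really came from and where a
"Reply" would go.  Added example, not from the original post; the sample
message and every address and host in it are constructed."""
import email
import re
from email.utils import parseaddr

# Constructed sample: From looks like the bank, but Reply-To and the envelope
# sender (Return-Path) point elsewhere, and the earliest hop is an unknown host.
SAMPLE_RAW = """Return-Path: <bounce@mail-relay.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.com with ESMTP id abc123
Received: from unknown (HELO webmail.example.org) (198.51.100.7)
\tby mx.example.org with SMTP
From: "Your Bank" <support@bank.example.com>
Reply-To: support-desk@bank-example.example.net
To: victim@example.com
Subject: Urgent: verify your account

Please reply with your account details.
"""

def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def originating_hop(msg):
    """Each relay prepends its own Received header, so the LAST one listed is
    the earliest hop, i.e. closest to the real sender.  Return its 'from' part."""
    received = msg.get_all("Received") or []
    if not received:
        return ""
    match = re.match(r"\s*from\s+(.+?)\s+by\s", received[-1], re.S)
    return " ".join(match.group(1).split()) if match else ""

def header_check(raw):
    """Compare From, Reply-To and Return-Path domains and report mismatches."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) or from_dom  # no Reply-To: From
    return_dom = domain_of(msg["Return-Path"])
    warnings = []
    if reply_dom != from_dom:
        warnings.append("Reply goes to %s, not %s" % (reply_dom, from_dom))
    if return_dom and return_dom != from_dom:
        warnings.append("Envelope sender is %s, not %s" % (return_dom, from_dom))
    return {"from": from_dom, "reply_to": reply_dom, "return_path": return_dom,
            "first_hop": originating_hop(msg), "warnings": warnings}
```

Run `header_check(SAMPLE_RAW)` on the sample and both mismatches are reported; a message with no Reply-To and a matching Return-Path produces an empty warning list.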

Hopefully these stories and the information provided herein are an asset to all who read them.  Let others know that RATs are out there and have been around for quite some time.  Knowledge is power in the fight.  Arm yourself!

Web Story Links:

http://www.myfoxdetroit.com/story/23690139/teen-blackmailed-online-pawns-family-jewels-to-pay-up

http://www.securelist.com/en/downloads/vlpdfs/theteamspystory_final_t2.pdf