NW3C News
A Leading Source for Economic and High-Tech Crime Prevention

After Blackshades’ Overthrow, Other RATs Abound

by Kim Williams and Lee Dail  -   June 11, 2014

Once a hacker succeeds in infecting a computer with a RAT, he can basically turn it into a zombie machine, controlled by his will. (127177004 Copyright Maksym Pykha, 2014 Used under license from Shutterstock.com)

Several weeks ago, law-abiding information technology experts around the globe smiled as they watched the dissolution of the Remote Access Tool (RAT) known as Blackshades and the overthrow of its creators and benefactors.  Finally, the only people with remote access to the computers of a grateful online public would be their trusted computer guys. But is the RAT malware empire, which spread its tentacles into over a half-million computers around the globe during Blackshades’ reign, truly defeated? Perhaps other lesser-known RATs, capable of the same vicious interference as Blackshades, crouch in anticipation of their own opportunity to gain control of as much of the digital world as possible. In other words, the online public should not relax its vigilance in protecting its computers. The RATs may be poised to strike back.

In order to grasp the threat posed by RATs, computer users need to understand their potential for destruction in the hands of the unethical. Once a hacker succeeds in infecting a computer with a RAT, he can basically turn it into a zombie machine, controlled by his will. And the hacker’s will is usually fed by two objectives: making money and/or spying. The spying may be done by your basic pervert and/or extortionist or by governments. For instance, the Syrian government used the RAT to spy on rebels. It recorded their correspondence and private material stored on their computers and even determined what they looked like via webcams.

A computer controlled by a RAT permits a hacker to do the following:

  • View documents and photographs
  • Download files to his own computer
  • Delete files
  • Record keystrokes
  • Steal passwords
  • Lock files
  • Hold locked files for ransom
  • Download additional malware
  • Launch attacks on websites
  • Send emails to the computer owner’s contacts containing links that allow the RAT to take over their computers
  • Store illegal files on the host computer
  • Spy on anyone in the room using the webcam

It’s clear, based on the above list, that no one would knowingly download RAT software. Then, how do hackers manage to gain control of so many computers? A RAT is like a Trojan horse. It tricks the unsuspecting into allowing access to a computer primarily in just a few ways.

  • The hacker sends an email to the victim, who clicks a legitimate-looking link or opens an attachment in the email, which then downloads the RAT malware.
  • A zombie machine sends emails to contacts in its email account. The unsuspecting recipient of the email thinks it is from a friend and clicks a link in the email or opens an attached file, downloading the RAT malware.
  • The victim visits a website that contains a link which, when clicked, downloads the RAT malware. The victim may be lured to the infected site via social media. For instance, Syrian rebels were targeted while viewing anti-government YouTube® videos.

Blackshades hackers employed the techniques described above, but hackers using other RATs use them also. There are multiple varieties of RAT malware still available.

The online public should take the following steps to ensure their computers don’t become infected with a RAT and to guard their online safety. 

  • Invest in quality anti-virus/anti-malware software, keep it updated and schedule regular virus scans.
  • Keep computers fully patched. Enable automated patches for operating systems and web browsers.
  • Don’t click links or open attachments in emails if any doubt exists about them. Instead of clicking a link in an email, go directly to the organization’s website.
  • Use a firewall.
  • Don’t keep a file on your computer containing all of your passwords.
  • Use a pop-up blocker.
  • Use strong passwords and don’t use the same password for everything. Change passwords periodically.
  • Don’t download software from sites you don’t know and trust. Be especially cautious when downloading freeware.
  • Schedule regular backups of your computer’s content to a secondary hard drive or to the cloud, so it may be restored if files are stolen or locked.

Signs of infection include any activity not initiated by the computer’s owners, such as a mouse cursor moving without input, a web camera light turning on when not in use, or files moving to different locations on the computer or disappearing altogether. 

If you think your computer may have been hacked by a RAT, act immediately to protect your assets, files and online accounts.

  • Run virus removal software.
  • Enlist the help of an IT security professional to assist with removing the RAT if you doubt your virus removal software has removed it.
  • Change all passwords, including Facebook, email accounts, bank accounts, etc. Make sure you change them using a different computer than the one that is infected. 
  • Let your friends know you were hacked and advise them not to open attachments or click links in emails from you.
  • Report the incident to the Internet Crime Complaint Center at www.ic3.gov.

For additional information:

http://www.fbi.gov/news/stories/2014/may/international-blackshades-malware-takedown/international-blackshades-malware-takedown

http://www.cnn.com/2014/05/19/justice/us-global-hacker-crackdown/

http://blog.malwarebytes.org/cyber-crime/2014/05/taking-off-the-blackshades/

http://www.detoxcomic.com/articles/rat-software.html


Thumbnail image: 141968254 Copyright alexmillos, 2014 Used under license from Shutterstock.com
