A remote administration tool (or RAT) is a program that is used by hackers or other people to connect to a remote computer via the Internet or across a local network, and perform needed activities. A remote administration tool is based on the server and client technology. The server part runs on a controlled computer and receives commands from the client, which is installed on the remote host. A remote administration tool works in the background and hides from the user. The person who controls it can monitor user’s activity, manage files, install additional software, control the entire system, including any present application or hardware device, modify main system settings, turn off or restart a computer.

Remote administration tools are divided into malicious and legitimate applications. Parasitical RATs, also known as remote administration trojans, are very similar to backdoors and have very similar functionality. However, they are not as viral as backdoors and do not have additional destructive functions or another dangerous payload. These parasites do not work on their own and must be controlled by the client.

Legitimate remote administration tools are commercial products targeted mostly at system administrators. Their main purpose is to allow the authorized access to computers for fixing them or controlling them remotely. Nevertheless, legitimate RATs have the same functionality as parasitical programs and, therefore, can be used for obvious malicious purposes.

Activities that are performed with the help of a Remote Administration Tool

As we have already mentioned, legitimate RATs are very similar to illegal ones. However, they are used only for illegal activities, such as the ones given below:

  • Allowing the intruder to create, delete, rename, copy or edit any file. The attacker can also use RAT for executing various commands, changing system settings, altering the Windows registry and running, controlling or terminating applications. Finally, it can be used to install optional software or parasites.
  • Letting the attacker control hardware, modify related settings, shutdown or restart a computer without asking user's permission.
  • Allowing the malicious person to monitor user's activity on the Internet. This activity can lead the victim to the loss of his/hers passwords, login names, personal documents, and other sensitive information.
  • Capturing screenshots and tracking user's activity. All data, which is collected with the help of such technique, is transferred to the intruder.
  • Degrading computer's performance, decreasing Internet connection speed and security of the system. Typically, such viruses can also cause computer's instability.
  • Hiding from the user and complicating its removal as much as possible.

The distribution techniques of Remote Administration Tools (RATs)

Remote administration tools (RATs) aren’t similar to regular computer viruses. Their server parts must be installed on the affected system as any other software. Of course, this can be done either with or without user's content. There are two major ways how can an unsolicited RAT get into the system:

  • Manual installation. A legitimate remote administration tool can be manually installed by the system administrator or any other user who has sufficient privileges for the software installation. A hacker can break into the system and setup his RAT. In both cases, a privacy threat gets installed without the affected user’s knowledge and consent.
  • Infiltration with the help of other parasites. Malicious remote administration tools are installed by other parasites like viruses, backdoors or worms. Often they are dropped by specific trojans, which get into the system using Internet Explorer ActiveX controls or exploiting certain web browser vulnerabilities. Their authors run insecure websites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install a trojan. The user cannot notice anything suspicious, as a threat does not display any setup wizards, dialogs or warnings.

To sum up, the malicious version of remote administration tool allows the attacker to work with an infected computer in the same way as with its PC and use it for various malicious purposes. The responsibility for such activity is usually assumed by guiltless users on which systems malicious RATs were installed, as it can hardly be revealed the person who was controlling a parasite.

Practically all remote administration tools are tough to detect. They can violate users' privacy for months and even years until they are noticed. The malicious person can use the RAT to find out everything about the user, obtain and disclose priceless information like user’s passwords, login names, credit card numbers, exact bank account details, valuable personal documents, contacts, interests, web browsing habits and much more.

Any remote administration tool can be used for destructive purposes. If the hacker was unable to obtain any valuable and useful information from an infected computer or have already stolen it, he eventually may destroy the entire system to wipe out his tracks. That means that all hard disks would be formatted, and all the files on them would be erased.Typically, the malicious versions of remote administration tools can affect computers running Microsoft Windows OS. However, there are lots of less prevalent parasites that are designed to work under different environments, including Mac OS X and others.

The most infamous examples of RATs

There are thousands of different remote administration tools. The following examples illustrate how powerful and extremely dangerous these threats can be.

PC Invader is a malicious remote administration tool used by hackers to modify essential networking settings of remote systems. Pc Invader is considered very dangerous as its main aim is to can change vital computer's settings, its IP address, DNS address, computer name, default gateway, etc. It also can shutdown or restart a computer.

Back Orifice is an infamous malicious remote administration tool that allows the intruder to do with a compromised computer everything he wants and even more. This tool has a massive amount of dangerous functions and leaves the victim completely unprotected and disorientated. Back Orifice can be used to manage files, run and install applications, terminate defined processes, modify essential system and networking settings, control the operating system, installed software and hardware devices, log keystrokes, take screenshots, capture video or audio, steal passwords, etc. This remote administration tool supports plugins and, therefore, can have different additional functionality.

Beast is just another virus, which belongs to a huge family of Remote Administration Tools. The author of this threat is a known hacker, who is called Tataye. As we know, the first versions of Beast appeared from April 2001 to March 2004. This threat is written in Delphi and is compressed with ASPack.

Removing RAT from the system

You cannot remove the malicious versions of RATs manually because they hide their files and other components deep inside the system. The most reliable way to eliminate such threats is to use a reputable anti-spyware tool. Such programs can easily help you to detect and remove even the most dangerous viruses, so there is no need to postpone their installation on your computer. You can fix your computer and get rid of any RAT with the help of SpyHunter, STOPzilla, Malwarebytes Anti Malware.

If you think that you are advanced enough to find RAT's files on your computer manually, you should think twice before each removal of your detected components. Otherwise, you may run into serious problems, like computer's instability. Note that lots of Internet resources, such as 2-Spyware.com, can help you with the manual removal of your malware. Detailed instructions on how to remove RAT (malicious one) from the system can be received by adding a question on Ask Us page.

Newest Remote Administration Tools

Getting rid of Beast

March 6th, 2015. What is Beast? Beast is just another virus, which belongs to a huge family of Remote Administration Tools. The author of the this threat is a known hacker, who is called Tataye. As we know, the first versions of Beast appeared from April 2001 to March 2004. This threat is written in... More...

How to remove Project1.Exe

October 15th, 2012. Project1.Exe is a Remote Administration Tool that is used by hackers to control victim's machine remotely. Just like many other RATs, this one can record your keystroke inputs, disable firewall, install malicious files on computer and do other unwanted activities. Basically, the possibilities of... More...

PC Invader removal steps

October 15th, 2012. Facts about PC Invader: PC Invader is a Remote Administration Tool that has been created by a hacker called Heraldo J. A. Carneiro Filho (Master-Dude). Just like many other RAT infections, PC invader is used by hackers to control the victim's machine remotely. It can easily help for... More...

DATABASE OF Remote Administration Tools PARASITES

Total Remote Administration Tools parasites in our DB: 87


    1
  • 666 de Troie 1.0 March 10th, 2005 | No Comments
    Such simple but effective spyware is used by hackers for getting remote access to user's computer. The prin...

  • 711 beta 1 March 10th, 2005 | No Comments
    From the publisher: "Can turn off firewalls and AntiVirus. -Phone Spy -Keylogger -Screenshot -Get Passwords -...

  • A-311 Death 1.03 March 10th, 2005 | No Comments
    This is a newer version of the a-311 Death 1.02 RAT program. This version has the "backdoor" function inclu...

  • Activity Monitor October 24th, 2011 | No Comments
    Activity Monitor is a powerful commercial remote administration and computer surveillance tool based on the se...

  • Advanced Remote Info March 10th, 2005 | No Comments
    Originated in February 2004. This RAT program has a lot of nasty abilities. It is shareware and can be downloa...

  • AlexMessoMalex Trojan b2.2 December 20th, 2007 | No Comments
    Created by an Italian hacker Alex Messo Malex. The programming language is Visual Basic.This is a RAT spyware,...

  • Alien Hacker 2.5 March 10th, 2005 | No Comments
    Created by a Spain hacker Andufo. This RAT was written in Visual Basic. A RAT program works by a simple but...

  • Amanda 2.0 March 10th, 2005 | No Comments
    This Remote Administration tool was created using Visual Basic programming language, by a hacker called SKi...

  • Anal Rape 1.0a March 10th, 2005 | No Comments
    A RAT program is a type of spyware, designed for controlling other people's computers remotely. The hacker ...

  • AntiLamer Backdoor 2.0 March 11th, 2005 | No Comments
    The second improved version of AntiLamer Backdoor. Several bugs were fixed, and the detection and removal p...

  • Attache Install March 11th, 2005 | No Comments
    Created in May 2004 by a group called X Formx Inc. . A Remote Administration Tool is a special kind of hacker ...

  • Autospy September 17th, 2011 | 1 Comments
    Now this hacker software offers the attacker a whole bunch of "useful" functions that can turn the life of his...

  • Back Orifice November 5th, 2015 | No Comments
    Back Orifice (aka BackOrifice2K) is a cyber threat from the top of danger level scale. It's a very dangerous R...

  • Backdoor.NetSpy_II.05.a March 11th, 2005 | No Comments
    This hacker tool can be simply used for creating chaos on victim's computer ant stealing all kind of inform...

  • Backdoor.Ping March 11th, 2005 | No Comments
    Several versions of this pest appeared from September 2001 to July 2004. They all function by the same prin...

  • Backdoor.Slackbot March 14th, 2005 | No Comments
    This nasty virus has an interesting ability to update itself, by checking for newer versions in the internet. ...

  • Backdoor.Subseven.10.b March 14th, 2005 | No Comments
    Backdoor.Subseven.10.b belongs to a humongous family of virus programs. But only few of them can be classified...

  • Backdoor.TDS.SE.33 March 14th, 2005 | No Comments
    The pest was created in January 2001. You can find it in the internet under such name as Undetected 3.3. This ...

  • BadBOT March 14th, 2005 | No Comments
    This RAT was created to disturb the work of IRC channel users. The author is a Spanish hacker called XpyXt. Th...

  • Beast March 6th, 2015 | 1 Comments
    What is Beast? Beast is just another virus, which belongs to a huge family of Remote Administration Tool...

  • BO2K March 15th, 2005 | No Comments
    This is a non commercial freeware RAT program. It is presented as a tool that helps the net administrators to ...

  • BO2K IDEA Encryption March 15th, 2005 | No Comments
    The author of this RAT program is ahacker called Eli Biham. The origination date is July 199. This hacker tool...

  • Breach March 16th, 2005 | No Comments
    This RAT program can be classified as very dangerous, because it has "keylogger" ability. It means that all ...

  • Bus Conquerer March 17th, 2005 | No Comments
    THis RAT is a NetBus trojan password cracker. Its prime function is scanning IP blocks for NetBus trojans. ...

  • Butt Funnel 0.1b March 17th, 2005 | No Comments
    This is a Remote Administration Tool (RAT), used by hackers for gaining access to distant PCs. A RAT program...

  • Butt Trumpet March 17th, 2005 | No Comments
    Butt Trumpet was createb by Brian Enigma. This RAT is a plugin program for the Back Orifice RAT. It has a "n...

  • Cool Remote Control March 15th, 2005 | No Comments
    Cool Remote Control can be very useful for a hacker and extremely dangerous for his victim. This RAT is based ...

  • Deves March 18th, 2005 | No Comments
    Written in Visual Basic. The author is a hacker called Dave. The infection is performed via the e-mail or File...

  • Direct Connection March 19th, 2005 | No Comments
    A Remote Administration Tool is a special kind of hacker spyware, used for remote access and control of other ...

  • DNS 0.1 March 19th, 2005 | No Comments
    A small RAT program, designed for hooliganistic attacks on unprotected users. The hacker infects the machin...

  • EasyNet 3.0 March 20th, 2005 | No Comments
    This RAT program uses the same basic principles that all RATs do: the victim's computer is infected with ...

  • Eclipse 2000 (Iridium) March 21st, 2005 | No Comments
    Eclipse viruses represent a very rare case, when three diffefent RATs share the same name. You may find a viru...

  • Enculator March 21st, 2005 | No Comments
    This is a RAT program, designed for allowing the intruder to controll the infected PC remotely. The author of ...

  • Event Horizon March 23rd, 2005 | No Comments
    A Remote Administration Tool is a special kind of hacker spyware, used for remote access and control of other ...

  • Evil FTP March 23rd, 2005 | No Comments
    This specific RAT was created in December 1997. It works as a trojan, but the infection method is quite intere...

  • Excalibur March 23rd, 2005 | No Comments
    This RAT program was designed for virtual hooliganism, it can not be classified as dangerous, because the func...

  • Executor March 23rd, 2005 | No Comments
    A variant of Executer 1 RAT virus. This is a Remote Administration Tool, that is used by hackers to control th...

  • Fade March 23rd, 2005 | No Comments
    This is a Remote Administration Tool (RAT), used by hackers for gaining access to distant PCs. A RAT program w...

  • Fraggle Rock March 23rd, 2005 | No Comments
    Fraggle Rock is a RAT tool family. Many variants (Fraggle Rock 1.2, Fraggle Rock 1.43 Lite, Fraggle Rock 1.44 ...

  • Gates of Hell March 26th, 2005 | No Comments
    Gates of Hell if a very dangerous RAT virus family. This virus can bypass some antivirus programs and firewa...

  • Ghost March 27th, 2005 | No Comments
    Ghost is a large RAT virus family, designed to annoy the victim by performing stupid useless operations, such ...

  • Glacier March 27th, 2005 | No Comments
    This RAT originated in China. The author is a hacker called Y2KZERO. A lot of versions (Glacier 0.0, Glacier 1...

  • Golden Eye 007 March 27th, 2005 | No Comments
    The origination date of this virus is January 2004. This hacker tool was created to gain the intruder unlim...

  • Helios Bot 1.0 March 29th, 2005 | No Comments
    A Remote Administration Tool is a special kind of hacker spyware, used for remote access and control of othe...

  • HTTP RAT March 30th, 2005 | No Comments
    This is a big RAT virus family. Several versions (HTTP RAT 0.1a, HTTP RAT 0.1b, HTTP RAT 0.2, HTTP RAT 0.21,...

  • ICMP Cmd March 30th, 2005 | No Comments
    A Remote Administration Tool is a special kind of hacker spyware, used for remote access and control of other ...

  • Indoctrination March 30th, 2005 | No Comments
    This Remote Administration Tool was created by a group called Progenic Warfare. The origination date of this p...

  • IPXCtrl1 April 3rd, 2005 | No Comments
    This is a Remote Administration Tool that is used by hackers to control the victim's machine remotely. The pos...

  • JammerKillah 1.2 + Back Orifice Server April 3rd, 2005 | No Comments
    A Remote Administration Tool is a special kind of hacker spyware, used for remote access and control of other ...

  • Kadir Basol Devastator 1.4.5 April 4th, 2005 | No Comments
    This is a very dangerous RAT tool. It has a lot of dangerous features and the program can infect a computer, w...

1 | | NEXT

Like us on Facebook