On Tuesday we covered the basics of Remote Access/Administration Trojans, also known as RATs. You can read that post here.
To dive deeper into the topic, one of the most common types of RATs is “Pandora”. The Pandora RAT allows an attacker to gain access to the following items on a compromised computer: files, processes, services, and active network connections.
If all of this doesn’t concern you, Pandora can also: remotely control the compromised desktop, take screenshots, record webcam footage, record audio, log keystrokes, steal passwords, download files, open Web pages, display onscreen messages, restart the compromised computer, hide the taskbar, and hide desktop icons. It can even cause one of the most dreaded attacks: system failure and the blue screen of death. Like many RATs, Pandora is user friendly, and can be mastered by expert and beginner hackers alike.
There is a prosperous market of underground software sales based on RATs. They can be purchased from many websites and even appear for sale in online hacking forums. The three main types that appear for sale are:
1) FUD, which is fully undetectable by security vendors
2) Crypter, which is a tool used to rearrange files in a way that the actual bytes are scrambled
3) JDB (Java drive-by), which involves a Java applet being placed onto a website, disguised as a pop-up to continue to the site
A few rules to stay protected: keep your anti-virus software up to date, avoid opening emails that look suspicious or come from a sender you are unsure of, always be a skeptic when clicking on links that you receive from other sources, and only download files from sites that you know are secure. Always be aware of your webcam activity; if you do not have a shutter that closes, consider putting a piece of paper over the webcam as a precaution. Most importantly, use common sense: if your computer told you to drop it off a bridge, would you?