:远程管理特洛伊木马(RAT)病毒

:

  Trojans, including RATs, are usually downloaded inadvertently by even the most savvy users. Visiting the wrong Web site or clicking on the wrong hyperlink invites the unwanted Trojan in. RATs install themselves by exploiting weaknesses in standard programs and browsers.

  Once they reside on a computer, RATs are hard to detect and remove. For Windows users, simply pressing Ctrl-Alt-Delete won’t expose RATs, because they operate in the background and don''t appear in the task list.

  Some especially nefarious RATs have been designed to install themselves in such a way that they’re very difficult to remove even after they’re discovered.

  For example, a variant of the Back Orifice RAT called G_Door installs its server as Kernel32.exe in the Windows system directory, where it’s active and locked and controls the registry keys.

  The active Kernel32.exe can’t be removed, and a reboot won''t clear the registry keys. Every time an infected computer starts, Kernel32.exe will be restarted, and the program will be active and locked.

  Some RAT servers listen on known or standard ports. Others listen on random ports, telling their clients which port and which IP address to connect to by e-mail.

  Even computers that connect to the Internet through Internet service providers, which are often thought to offer better security than static broadband connections, can be susceptible to control from such RAT servers.

  The ability of RAT servers to initiate connections can also allow some of them to evade firewalls. An outgoing connection is usually permitted. Once a server contacts a client, the client and server can communicate, and the server begins following the instructions of the client.

  Legitimate tools are used by systems administrators to manage networks for a variety of reasons, such as logging employee usage and downloading program upgrades——functions that are remarkably similar to those of some remote administration Trojans. The distinction between the two can be quite narrow. A remote administration tool used by an intruder becomes a RAT.

  In April 2001, an unemployed British systems administrator named Gary McKinnon used a legitimate remote administration tool known as RemotelyAnywhere to gain control of computers on a U.S. Navy network.


上一篇: 晚会主持词

下一篇: 秋季运动会加油稿:短跑100米及200米

最新文章

热门文章

快读网 轻松阅读 享受快乐生活

网站邮箱:wodd7@hotmail.com

Top