病毒远程管理特洛伊木马(RAT)病毒

远程木马  时间:2021-04-13  阅读:()

远程管理特洛伊木马RAT病毒

远程管理特洛伊木马RAT病毒

RATs

The world of malicious software is often divided into two types:viraland nonviral.Viruses are little bits of code that are buried in other codes.When the“host”codes are executed, the viruses replicate themselves andmay attempt to do something destructive. In this, they behave much likebiological viruses.

Worms are a kind of computer parasite considered to be part of theviral camp because they replicate and spread from computer to computer.

As with viruses, a worm’ s malicious act is often the very act ofreplication; they can overwhelm computer infrastructures by generatingmassive numbers of e-mails or requests for connections that servers can’t handle.

Worms differ from viruses, though, in that they aren’ t just bits of code

that exist in other files.They could be whole files——an entire Excelspreadsheet, for example. They replicate without the need for anotherprogram to be run.

Remote administration types are an example of another kind ofnonviral malicious software, the Trojan horse, or more simply Trojan.The purpose of these programs isn’ t replication, but to penetrate andcontrol.That masquerade as one thing when in fact they are somethingelse,usually something destructive.

There are a number of kinds of Trojans, including spybots,whichreport on the Web sites a computer user vis its,and keybots or keyloggers,which record and report the user s keystrokes in order to discoverpasswords and other confidential information.

RATs attempt to give a remote intruder administrative control of aninfected computer.They work as client/server pairs.The server res ides onthe infected machine,while the client resides elsewhere, across thenetwork,where it s availab le to a remote intruder.

Using standard TCP/IP or UDP protocols, the client sends instructionsto the server. The server does what it’ s told to do on the infected

c o mputer.

Trojans, inc luding RATs, are usually downloaded inadvertently byeven the most savvy users.Visiting the wrong Web site or clicking on thewrong hyperlink invites the unwanted Trojan in.RATs install themselvesby exploiting weaknesses in standard programs and browsers.

Once they reside on a computer,RATs are hard to detect and remove.For Windows users, simply pressing Ctrl-Alt-Delete won’ t expose RATs,because they operate in the background and don t appear in the task list.

Some especially nefarious RATs have been designed to installthemselves in such a way that they’ re very difficult to remove even afterthey’ re d is covered.

For example, a variant of the Back Orifice RAT called G_Door installsits server as Kernel32.exe in the Windows system directory,where it’ sactive and locked and controls the registry keys.

The active Kernel32.exe can’ t be removed, and a reboot won t clearthe registry keys.Every time an infected computer starts,Kernel32.exewill be restarted,and the program will be active and locked.

Some RAT servers listen on known or standard ports.Others listen onrandom ports, telling their clients which port and which IP address toconnect to by e-mail.

Even computers that connect to the Internet through Internet serviceproviders,which are often thought to offer better security than staticbroadband connections, can be susceptible to control from such RATs ervers.

The ability of RAT servers to initiate connections can also allow someof them to evade firewalls.An outgoing connection is usually permitted.Once a server contacts a client, the client and server can communicate,and the server begins following the instructions of the client.

Legitimate tools are used by systems administrators to managenetworks for a variety of reasons, such as logging employee usage anddownloading program upgrades——functions that are remarkab ly similarto those of some remote administration Trojans.The distinction betweenthe two can be quite narrow.A remote administration tool used by anintruder becomes a RAT.

In April 2001, an unemp loyed British systems administrator namedGary McKinnon used a legitimate remote administration tool known asRemotelyAnywhere to gain control of computers on a U.S.Navy network.

By hacking a few unguarded passwords on the target computers andusing illegal copies of Remotely Anywhere,McKinnon was able to breakinto the Navy’ s network and use the remote administration tool to stealinformation and delete files and logs.The fact that McKinnon launchedthe attack from his girlfriend’ s e-mail account left him vulnerable tod etec tio n.

Some of the famous RATs are variants of Back Orifice; they includeNetbus, SubSeven, Bionet and Hack a tack. These RATs tend to befamilies more than single programs.They are morphed by hackers into avast array of Trojans with similar capabilities.

远程管理特洛伊木马RAT病毒

恶意软件的世界常常分成两类病毒性和非病毒性。病毒是埋藏在其他程序中的很短的程序代码。当“主”程序执行时病毒就复制自身并企图做些有破坏性的事。在此过程中它们的行为很像生物病毒。

蠕虫是一类计算机寄生虫可以把它们归到病毒阵营 因为它们进行复制从一台计算机散布到另一台计算机。

作为病毒蠕虫的有害行为常常只是复制这个行为。它们通过生成大量的电子邮件或申请连接的请求使服务器没法处理而导致计算机崩溃。

但蠕虫也有别于病毒它们不是存在于其他文件中的代码。它们可以是整个文件如Exc el数据表格。它们不需要运行另一个程序就进行复制。

远程管理病毒是另一类非病毒性恶意软件——特洛伊木马或更简单地称作木马的例子。这些程序的目的不是复制而是渗透进去加以控制。它们伪装成某种东西但实际上是另一件东西通常具有破坏性。

有多种类型的木马病毒其中包括间谍机器人它在网站上报告计算机用户来访和击键机器人它记录和报告用户的击键 目的是为了发现口令和其他的保密信息。

RAT病毒企图让远程入侵者对受感染的计算机进行管理控制。它

们以客户机/服务器那样的方式进行工作。服务器驻留在受感染的机器中而客户机位于网络上能实施远程入侵的其他地方。

利用标准的T CP/IP或UDP协议该客户机给服务器发送指令。服务器在受感染的计算机上做被告知的事情。

木马病毒含RAT病毒通常由用户、甚至最聪明的用户不经意地下载下来。访问恶意的网站或者点击恶意的链接都可能招致不想要的特洛伊病毒进入计算机。 RAT病毒利用普通程序和浏览器中的弱点自行安装。

一旦它们驻留在计算机中 RAT病毒是很难发现和去除的。对于Wind o ws用户简单地击打C trlAltD e lete键并不能暴露RAT病毒 因为它们在后台工作不会出现在任务列表中。

有些非常穷凶极恶的RAT病毒设计成以一种即使在被发现后也非常难去除的方式安装。

例如 Back Orifice RAT病毒的一个变种 叫G_Door安装其服务器作为Windows系统目录中的Kernel32.ex e存活并锁定在那里并控制注册键。

活动的Kernel32.exe是不能去除的重新启动也不能清除注册键。每次受感染的计算机开机 Kerne l32.exe被再次启动并被激活和锁定。

有些RAT病毒对已知的或标准的端口进行侦听。其他的则对随机的端口进行侦听通告它的客户机电子邮件连接到了哪些端口和哪些IP地址。

通过IS P 因特网服务提供商连接到因特网上的计算机虽然常常被认为比静态的宽带连接更安全也可能被这样的RAT病毒所控制。

RAT病毒服务器这种激活连接的能力也能让它们中的一些可以入侵防火墙。通常向外的连接是允许的一旦服务器与客户机建立联系客户机和服务器就能进行通信服务器就开始遵循客户机的指令工作。

出于各种原因系统管理员使用合法工具管理网络如记录雇员的使用和下载程序更新与某些远程管理木马病毒的功能非常相像。这两者间的差别可能是非常小的远程管理工具被入侵者使用就成了RAT病毒。

2001年4月一名叫Gary McKin-non的失业的英国系统管理员利用合法的远程管理工具——Remotely Anywhere成功地控制了美国海军网络上的多台计算机。

Mc Kinno n通过黑客手段获得目标计算机上未防护的口令和使用非法拷贝的Remotely Anywhere软件突破了美国海军的网络利用该远程管理工具偷窃信息、删除文件和记录。Mc Kinno n从他女朋友的电子邮件账号发起攻击这个账号给侦查留下了线索。

一些有名的RAT病毒是Bac k Orific e的变种如Netbus、S ub S even、Bionet和Hack a tack。这些RAT病毒大多是一组程序而不是单独的一个程序。黑客把它们变成一个庞大的、具有类似功能的木马病毒阵列。

上一篇英语 目录允许网络一下一篇英语 电脑BIOS里名词中英文对照表查看更多关于电脑电信的文章网友同时还浏览了

电脑英语--常见硬件篇

网络广告术语翻译

机新词汇

数据通信系统

电脑显示器词汇大全

常见的重要电脑英语及其缩写

CloudCone($82/月)15-100M不限流量,洛杉矶CN2 GIA线路服务器

之前分享过很多次CloudCone的信息,主要是VPS主机,其实商家也提供独立服务器租用,同样在洛杉矶MC机房,分为两种线路:普通优化线路及CN2 GIA,今天来分享下商家的CN2 GIA线路独立服务器产品,提供15-100Mbps带宽,不限制流量,可购买额外的DDoS高防IP,最低每月82美元起,支持使用PayPal或者支付宝等付款方式。下面分享几款洛杉矶CN2 GIA线路独立服务器配置信息。配...

腾讯云爆款秒杀:1C2G5M服务器38元/年,CDN流量包6元起

农历春节将至,腾讯云开启了热门爆款云产品首单特惠秒杀活动,上海/北京/广州1核2G云服务器首年仅38元起,上架了新的首单优惠活动,每天三场秒杀,长期有效,其中轻量应用服务器2G内存5M带宽仅需年费38元起,其他产品比如CDN流量包、短信包、MySQL、直播流量包、标准存储等等产品也参与活动,腾讯云官网已注册且完成实名认证的国内站用户均可参与。活动页面:https://cloud.tencent.c...

无忧云( 9.9元/首月),河南洛阳BGP 2核 2G,大连BGP线路 20G高防 ,

无忧云怎么样?无忧云服务器好不好?无忧云值不值得购买?无忧云,无忧云是一家成立于2017年的老牌商家旗下的服务器销售品牌,现由深圳市云上无忧网络科技有限公司运营,是正规持证IDC/ISP/IRCS商家,自营有国内雅安高防、洛阳BGP企业线路、香港CN2线路、国外服务器产品等,非常适合需要稳定的线路的用户,如游戏、企业建站业务需求和各种负载较高的项目,同时还有自营的高性能、高配置的BGP线路高防物理...

远程木马为你推荐
manifestedasp支持ipadfilezillaserverFileZilla Server 搭建的FTP服务器资费标准中国移动38元套餐介绍三友网网测是什么意思?厦门三五互联科技股份有限公司厦门三五互联怎么样?免费代理加盟怎么开免费的代理网店discuz7.0安装discuz出现Discuz! Database Error (0) notconnect 怎么办?社区动力你为什么想当一名社区工作者无忧代理网无忧考网好不好,为什么注册要输入电话号码,可信度高不高,还有中国公务员考试网,这些网站是不是要收费
手机域名注册 动态域名解析软件 godaddy域名解析教程 狗爹 l5520 mobaxterm lamp配置 服务器架设 网通代理服务器 华为4核 铁通流量查询 cpanel空间 789电视网 vip购优惠 cdn加速是什么 ftp免费空间 酷番云 中国电信宽带测速器 空间申请 godaddy空间 更多