病毒远程管理特洛伊木马（RAT）病毒

远程管理特洛伊木马RAT病毒

远程管理特洛伊木马RAT病毒

RATs

The world of malicious software is often divided into two types:viraland nonviral.Viruses are little bits of code that are buried in other codes.When the“host”codes are executed, the viruses replicate themselves andmay attempt to do something destructive. In this, they behave much likebiological viruses.

Worms are a kind of computer parasite considered to be part of theviral camp because they replicate and spread from computer to computer.

As with viruses, a worm’ s malicious act is often the very act ofreplication; they can overwhelm computer infrastructures by generatingmassive numbers of e-mails or requests for connections that servers can’t handle.

Worms differ from viruses, though, in that they aren’ t just bits of code

that exist in other files.They could be whole files——an entire Excelspreadsheet, for example. They replicate without the need for anotherprogram to be run.

Remote administration types are an example of another kind ofnonviral malicious software, the Trojan horse, or more simply Trojan.The purpose of these programs isn’ t replication, but to penetrate andcontrol.That masquerade as one thing when in fact they are somethingelse,usually something destructive.

There are a number of kinds of Trojans, including spybots,whichreport on the Web sites a computer user vis its,and keybots or keyloggers,which record and report the user s keystrokes in order to discoverpasswords and other confidential information.

RATs attempt to give a remote intruder administrative control of aninfected computer.They work as client/server pairs.The server res ides onthe infected machine,while the client resides elsewhere, across thenetwork,where it s availab le to a remote intruder.

Using standard TCP/IP or UDP protocols, the client sends instructionsto the server. The server does what it’ s told to do on the infected

c o mputer.

Trojans, inc luding RATs, are usually downloaded inadvertently byeven the most savvy users.Visiting the wrong Web site or clicking on thewrong hyperlink invites the unwanted Trojan in.RATs install themselvesby exploiting weaknesses in standard programs and browsers.

Once they reside on a computer,RATs are hard to detect and remove.For Windows users, simply pressing Ctrl-Alt-Delete won’ t expose RATs,because they operate in the background and don t appear in the task list.

Some especially nefarious RATs have been designed to installthemselves in such a way that they’ re very difficult to remove even afterthey’ re d is covered.

For example, a variant of the Back Orifice RAT called G_Door installsits server as Kernel32.exe in the Windows system directory,where it’ sactive and locked and controls the registry keys.

The active Kernel32.exe can’ t be removed, and a reboot won t clearthe registry keys.Every time an infected computer starts,Kernel32.exewill be restarted,and the program will be active and locked.

Some RAT servers listen on known or standard ports.Others listen onrandom ports, telling their clients which port and which IP address toconnect to by e-mail.

Even computers that connect to the Internet through Internet serviceproviders,which are often thought to offer better security than staticbroadband connections, can be susceptible to control from such RATs ervers.

The ability of RAT servers to initiate connections can also allow someof them to evade firewalls.An outgoing connection is usually permitted.Once a server contacts a client, the client and server can communicate,and the server begins following the instructions of the client.

Legitimate tools are used by systems administrators to managenetworks for a variety of reasons, such as logging employee usage anddownloading program upgrades——functions that are remarkab ly similarto those of some remote administration Trojans.The distinction betweenthe two can be quite narrow.A remote administration tool used by anintruder becomes a RAT.

In April 2001, an unemp loyed British systems administrator namedGary McKinnon used a legitimate remote administration tool known asRemotelyAnywhere to gain control of computers on a U.S.Navy network.

By hacking a few unguarded passwords on the target computers andusing illegal copies of Remotely Anywhere,McKinnon was able to breakinto the Navy’ s network and use the remote administration tool to stealinformation and delete files and logs.The fact that McKinnon launchedthe attack from his girlfriend’ s e-mail account left him vulnerable tod etec tio n.

Some of the famous RATs are variants of Back Orifice; they includeNetbus, SubSeven, Bionet and Hack a tack. These RATs tend to befamilies more than single programs.They are morphed by hackers into avast array of Trojans with similar capabilities.

远程管理特洛伊木马RAT病毒

恶意软件的世界常常分成两类病毒性和非病毒性。病毒是埋藏在其他程序中的很短的程序代码。当“主”程序执行时病毒就复制自身并企图做些有破坏性的事。在此过程中它们的行为很像生物病毒。

蠕虫是一类计算机寄生虫可以把它们归到病毒阵营 因为它们进行复制从一台计算机散布到另一台计算机。

作为病毒蠕虫的有害行为常常只是复制这个行为。它们通过生成大量的电子邮件或申请连接的请求使服务器没法处理而导致计算机崩溃。

但蠕虫也有别于病毒它们不是存在于其他文件中的代码。它们可以是整个文件如Exc el数据表格。它们不需要运行另一个程序就进行复制。

远程管理病毒是另一类非病毒性恶意软件——特洛伊木马或更简单地称作木马的例子。这些程序的目的不是复制而是渗透进去加以控制。它们伪装成某种东西但实际上是另一件东西通常具有破坏性。

有多种类型的木马病毒其中包括间谍机器人它在网站上报告计算机用户来访和击键机器人它记录和报告用户的击键 目的是为了发现口令和其他的保密信息。

RAT病毒企图让远程入侵者对受感染的计算机进行管理控制。它

们以客户机/服务器那样的方式进行工作。服务器驻留在受感染的机器中而客户机位于网络上能实施远程入侵的其他地方。

利用标准的T CP/IP或UDP协议该客户机给服务器发送指令。服务器在受感染的计算机上做被告知的事情。

木马病毒含RAT病毒通常由用户、甚至最聪明的用户不经意地下载下来。访问恶意的网站或者点击恶意的链接都可能招致不想要的特洛伊病毒进入计算机。 RAT病毒利用普通程序和浏览器中的弱点自行安装。

一旦它们驻留在计算机中 RAT病毒是很难发现和去除的。对于Wind o ws用户简单地击打C trlAltD e lete键并不能暴露RAT病毒 因为它们在后台工作不会出现在任务列表中。

有些非常穷凶极恶的RAT病毒设计成以一种即使在被发现后也非常难去除的方式安装。

例如 Back Orifice RAT病毒的一个变种 叫G_Door安装其服务器作为Windows系统目录中的Kernel32.ex e存活并锁定在那里并控制注册键。

活动的Kernel32.exe是不能去除的重新启动也不能清除注册键。每次受感染的计算机开机 Kerne l32.exe被再次启动并被激活和锁定。

有些RAT病毒对已知的或标准的端口进行侦听。其他的则对随机的端口进行侦听通告它的客户机电子邮件连接到了哪些端口和哪些IP地址。

通过IS P 因特网服务提供商连接到因特网上的计算机虽然常常被认为比静态的宽带连接更安全也可能被这样的RAT病毒所控制。

RAT病毒服务器这种激活连接的能力也能让它们中的一些可以入侵防火墙。通常向外的连接是允许的一旦服务器与客户机建立联系客户机和服务器就能进行通信服务器就开始遵循客户机的指令工作。

出于各种原因系统管理员使用合法工具管理网络如记录雇员的使用和下载程序更新与某些远程管理木马病毒的功能非常相像。这两者间的差别可能是非常小的远程管理工具被入侵者使用就成了RAT病毒。

2001年4月一名叫Gary McKin-non的失业的英国系统管理员利用合法的远程管理工具——Remotely Anywhere成功地控制了美国海军网络上的多台计算机。

Mc Kinno n通过黑客手段获得目标计算机上未防护的口令和使用非法拷贝的Remotely Anywhere软件突破了美国海军的网络利用该远程管理工具偷窃信息、删除文件和记录。Mc Kinno n从他女朋友的电子邮件账号发起攻击这个账号给侦查留下了线索。

一些有名的RAT病毒是Bac k Orific e的变种如Netbus、S ub S even、Bionet和Hack a tack。这些RAT病毒大多是一组程序而不是单独的一个程序。黑客把它们变成一个庞大的、具有类似功能的木马病毒阵列。

上一篇英语 目录允许网络一下一篇英语 电脑BIOS里名词中英文对照表查看更多关于电脑电信的文章网友同时还浏览了

电脑英语--常见硬件篇

网络广告术语翻译

机新词汇

数据通信系统

电脑显示器词汇大全

常见的重要电脑英语及其缩写