病毒远程管理特洛伊木马(RAT)病毒

远程木马  时间:2021-04-13  阅读:()

远程管理特洛伊木马RAT病毒

远程管理特洛伊木马RAT病毒

RATs

The world of malicious software is often divided into two types:viraland nonviral.Viruses are little bits of code that are buried in other codes.When the“host”codes are executed, the viruses replicate themselves andmay attempt to do something destructive. In this, they behave much likebiological viruses.

Worms are a kind of computer parasite considered to be part of theviral camp because they replicate and spread from computer to computer.

As with viruses, a worm’ s malicious act is often the very act ofreplication; they can overwhelm computer infrastructures by generatingmassive numbers of e-mails or requests for connections that servers can’t handle.

Worms differ from viruses, though, in that they aren’ t just bits of code

that exist in other files.They could be whole files——an entire Excelspreadsheet, for example. They replicate without the need for anotherprogram to be run.

Remote administration types are an example of another kind ofnonviral malicious software, the Trojan horse, or more simply Trojan.The purpose of these programs isn’ t replication, but to penetrate andcontrol.That masquerade as one thing when in fact they are somethingelse,usually something destructive.

There are a number of kinds of Trojans, including spybots,whichreport on the Web sites a computer user vis its,and keybots or keyloggers,which record and report the user s keystrokes in order to discoverpasswords and other confidential information.

RATs attempt to give a remote intruder administrative control of aninfected computer.They work as client/server pairs.The server res ides onthe infected machine,while the client resides elsewhere, across thenetwork,where it s availab le to a remote intruder.

Using standard TCP/IP or UDP protocols, the client sends instructionsto the server. The server does what it’ s told to do on the infected

c o mputer.

Trojans, inc luding RATs, are usually downloaded inadvertently byeven the most savvy users.Visiting the wrong Web site or clicking on thewrong hyperlink invites the unwanted Trojan in.RATs install themselvesby exploiting weaknesses in standard programs and browsers.

Once they reside on a computer,RATs are hard to detect and remove.For Windows users, simply pressing Ctrl-Alt-Delete won’ t expose RATs,because they operate in the background and don t appear in the task list.

Some especially nefarious RATs have been designed to installthemselves in such a way that they’ re very difficult to remove even afterthey’ re d is covered.

For example, a variant of the Back Orifice RAT called G_Door installsits server as Kernel32.exe in the Windows system directory,where it’ sactive and locked and controls the registry keys.

The active Kernel32.exe can’ t be removed, and a reboot won t clearthe registry keys.Every time an infected computer starts,Kernel32.exewill be restarted,and the program will be active and locked.

Some RAT servers listen on known or standard ports.Others listen onrandom ports, telling their clients which port and which IP address toconnect to by e-mail.

Even computers that connect to the Internet through Internet serviceproviders,which are often thought to offer better security than staticbroadband connections, can be susceptible to control from such RATs ervers.

The ability of RAT servers to initiate connections can also allow someof them to evade firewalls.An outgoing connection is usually permitted.Once a server contacts a client, the client and server can communicate,and the server begins following the instructions of the client.

Legitimate tools are used by systems administrators to managenetworks for a variety of reasons, such as logging employee usage anddownloading program upgrades——functions that are remarkab ly similarto those of some remote administration Trojans.The distinction betweenthe two can be quite narrow.A remote administration tool used by anintruder becomes a RAT.

In April 2001, an unemp loyed British systems administrator namedGary McKinnon used a legitimate remote administration tool known asRemotelyAnywhere to gain control of computers on a U.S.Navy network.

By hacking a few unguarded passwords on the target computers andusing illegal copies of Remotely Anywhere,McKinnon was able to breakinto the Navy’ s network and use the remote administration tool to stealinformation and delete files and logs.The fact that McKinnon launchedthe attack from his girlfriend’ s e-mail account left him vulnerable tod etec tio n.

Some of the famous RATs are variants of Back Orifice; they includeNetbus, SubSeven, Bionet and Hack a tack. These RATs tend to befamilies more than single programs.They are morphed by hackers into avast array of Trojans with similar capabilities.

远程管理特洛伊木马RAT病毒

恶意软件的世界常常分成两类病毒性和非病毒性。病毒是埋藏在其他程序中的很短的程序代码。当“主”程序执行时病毒就复制自身并企图做些有破坏性的事。在此过程中它们的行为很像生物病毒。

蠕虫是一类计算机寄生虫可以把它们归到病毒阵营 因为它们进行复制从一台计算机散布到另一台计算机。

作为病毒蠕虫的有害行为常常只是复制这个行为。它们通过生成大量的电子邮件或申请连接的请求使服务器没法处理而导致计算机崩溃。

但蠕虫也有别于病毒它们不是存在于其他文件中的代码。它们可以是整个文件如Exc el数据表格。它们不需要运行另一个程序就进行复制。

远程管理病毒是另一类非病毒性恶意软件——特洛伊木马或更简单地称作木马的例子。这些程序的目的不是复制而是渗透进去加以控制。它们伪装成某种东西但实际上是另一件东西通常具有破坏性。

有多种类型的木马病毒其中包括间谍机器人它在网站上报告计算机用户来访和击键机器人它记录和报告用户的击键 目的是为了发现口令和其他的保密信息。

RAT病毒企图让远程入侵者对受感染的计算机进行管理控制。它

们以客户机/服务器那样的方式进行工作。服务器驻留在受感染的机器中而客户机位于网络上能实施远程入侵的其他地方。

利用标准的T CP/IP或UDP协议该客户机给服务器发送指令。服务器在受感染的计算机上做被告知的事情。

木马病毒含RAT病毒通常由用户、甚至最聪明的用户不经意地下载下来。访问恶意的网站或者点击恶意的链接都可能招致不想要的特洛伊病毒进入计算机。 RAT病毒利用普通程序和浏览器中的弱点自行安装。

一旦它们驻留在计算机中 RAT病毒是很难发现和去除的。对于Wind o ws用户简单地击打C trlAltD e lete键并不能暴露RAT病毒 因为它们在后台工作不会出现在任务列表中。

有些非常穷凶极恶的RAT病毒设计成以一种即使在被发现后也非常难去除的方式安装。

例如 Back Orifice RAT病毒的一个变种 叫G_Door安装其服务器作为Windows系统目录中的Kernel32.ex e存活并锁定在那里并控制注册键。

活动的Kernel32.exe是不能去除的重新启动也不能清除注册键。每次受感染的计算机开机 Kerne l32.exe被再次启动并被激活和锁定。

有些RAT病毒对已知的或标准的端口进行侦听。其他的则对随机的端口进行侦听通告它的客户机电子邮件连接到了哪些端口和哪些IP地址。

通过IS P 因特网服务提供商连接到因特网上的计算机虽然常常被认为比静态的宽带连接更安全也可能被这样的RAT病毒所控制。

RAT病毒服务器这种激活连接的能力也能让它们中的一些可以入侵防火墙。通常向外的连接是允许的一旦服务器与客户机建立联系客户机和服务器就能进行通信服务器就开始遵循客户机的指令工作。

出于各种原因系统管理员使用合法工具管理网络如记录雇员的使用和下载程序更新与某些远程管理木马病毒的功能非常相像。这两者间的差别可能是非常小的远程管理工具被入侵者使用就成了RAT病毒。

2001年4月一名叫Gary McKin-non的失业的英国系统管理员利用合法的远程管理工具——Remotely Anywhere成功地控制了美国海军网络上的多台计算机。

Mc Kinno n通过黑客手段获得目标计算机上未防护的口令和使用非法拷贝的Remotely Anywhere软件突破了美国海军的网络利用该远程管理工具偷窃信息、删除文件和记录。Mc Kinno n从他女朋友的电子邮件账号发起攻击这个账号给侦查留下了线索。

一些有名的RAT病毒是Bac k Orific e的变种如Netbus、S ub S even、Bionet和Hack a tack。这些RAT病毒大多是一组程序而不是单独的一个程序。黑客把它们变成一个庞大的、具有类似功能的木马病毒阵列。

上一篇英语 目录允许网络一下一篇英语 电脑BIOS里名词中英文对照表查看更多关于电脑电信的文章网友同时还浏览了

电脑英语--常见硬件篇

网络广告术语翻译

机新词汇

数据通信系统

电脑显示器词汇大全

常见的重要电脑英语及其缩写

Spinservers美国圣何塞服务器$111/月流量10TB

Spinservers是Majestic Hosting Solutions,LLC旗下站点,主营美国独立服务器租用和Hybrid Dedicated等,数据中心位于美国德克萨斯州达拉斯和加利福尼亚圣何塞机房。TheServerStore.com,自 1994 年以来,它是一家成熟的企业 IT 设备供应商,专门从事二手服务器和工作站业务,在德克萨斯州拥有 40,000 平方英尺的仓库,库存中始终有...

vpsdime:VPS内存/2核/VPS,4G内存/2核/50gSSD/2T流量/达拉斯机房达拉斯机房,新产品系列-Windows VPS

vpsdime上了新产品系列-Windows VPS,配置依旧很高但是价格依旧是走低端线路。或许vpsdime的母公司Nodisto IT想把核心产品集中到vpsdime上吧,当然这只是站长个人的猜测,毕竟winity.io也是专业卖Windows vps的,而且也是他们自己的品牌。vpsdime是一家新上来不久的奇葩VPS提供商,实际是和backupspy以及crowncloud等都是同一家公司...

新版本Apache HTTP Server 2.4.51发布更新(有安全漏洞建议升级)

今天中午的时候看到群里网友在讨论新版本的Apache HTTP Server 2.4.51发布且建议更新升级,如果有服务器在使用较早版本的话可能需要升级安全,这次的版本中涉及到安全漏洞的问题。Apache HTTP 中2.4.50的修复补丁CVE-2021-41773 修复不完整,导致新的漏洞CVE-2021-42013。攻击者可以使用由类似别名的指令配置将URL映射到目录外的文件的遍历攻击。这里...

远程木马为你推荐
http404未找到"HTTP 404 未找到"的错误如何对付?_Joinsql宜人贷官网宜人贷是不是骗人的碧海银沙网怎样在碧海银沙网里发布图片?正大天地网正大光明是什么数字zhuo爱作文:温暖的( )powerbydedecms如何去掉dedecms自带广告以及Power by dedecms艾泰科技艾泰840E 性能怎么样 有没有什么缺点 用过的朋友请回答joomla安装下载app并安装无忧验证码手机登录前程无忧怎么不显示登录验证码
虚拟主机提供商 三级域名网站 名片模板psd 美国php主机 铁通流量查询 777te 河南移动邮件系统 双十一秒杀 免费吧 129邮箱 搜索引擎提交入口 免费网页空间 支持外链的相册 免费的asp空间 hdroad 美国vpn代理 标准机柜 热云 压力测试工具 电脑主机 更多