Computerworld -
Listen to the Computerworld TechCast: Remote Administration Trojans.
The world of malicious software is often divided into two types: viral and nonviral. Viruses are little bits of code that are buried in other codes. When the "host" codes are executed, the viruses replicate themselves and may attempt to do something destructive. In this, they behave much like biological viruses.
Worms are a kind of computer parasite considered to be part of the viral camp because they replicate and spread from computer to computer.
As with viruses, a worm's malicious act is often the very act of replication; they can overwhelm computer infrastructures by generating massive numbers of e-mails or requests for connections that servers can't handle.
Worms differ from viruses, though, in that they aren't just bits of code that exist in other files. They could be whole files—an entire Excel spreadsheet, for example. They replicate without the need for another program to be run.
Remote administration types are an example of another kind of nonviral malicious software, the Trojan horse, or more simply Trojan. The purpose of these programs isn't replication, but to penetrate and control. Named after the wooden creature that the citizens of ancient Troy were tricked into taking into their fortified city, they are programs that masquerade as one thing when in fact they are something else, usually something destructive.
There are a number of kinds of Trojans, including spybots, which report on the Web sites a computer user visits, and keybots or keyloggers, which record and report the user's keystrokes in order to discover passwords and other confidential information.
RATs attempt to give a remote intruder administrative control of an infected computer. They work as client/server pairs. The server resides on the infected machine, while the client resides elsewhere, across the network, where it's available to a remote intruder.
Using standard TCP/IP or UDP protocols, the client sends instructions to the server. The server does what it's told to do on the infected computer.
Trojans, including RATs, are usually downloaded inadvertently by even the most savvy users. Visiting the wrong Web site or clicking on the wrong hyperlink invites the unwanted Trojan in. RATs install themselves by exploiting weaknesses in standard programs and browsers.
Once they reside on a computer, RATs are hard to detect and remove. For Windows users, simply pressing Ctl-Alt-Delete won't expose RATs, because they operate in the background and don't appear in the task list.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
