我们不是在谈论啮齿动物。RAT代表远程管理工具(Remote Administration Tools)。虽然创建此类工具的目的是提供远程支持,但它们现在越来越多地用于监视他人以及控制他人计算机的行为。当您无法弄清楚您面临的某些问题并且技术支持接管您的计算机以解决问题时,RAT 是一个福音。(A RAT is a boon)当您不知道您的所有数据都可供全球“某人”“某处”使用时,RAT 就是祸根。(A RAT is a bane)
什么是远程管理工具(Administration Tools)( RAT )
Windows也提供远程协助。如果您觉得不需要远程管理工具(Remote Administration Tool)软件并且想要保护您的计算机,则首先取消选中“系统属性(System Properties)”对话框中“远程”下的“允许远程协助连接到这台计算机”,当您右键单击“此”(Remote)时出现(Allow Remote Assistance connections to this computer)PC 图标,然后从出现的上下文菜单中选择属性。如果您需要远程协助,您可以提出请求,并按照技术支持的建议启用或禁用某些设置。
尽管我在上面提到了Windows ,但我并没有将(Windows)远程管理工具(Remote Administration Tools)的问题/危险限制在任何特定的操作系统上。它可以是有人在您的计算机或智能手机上安装了RAT(RAT)组件的任何操作系统——无论您是否知情。
有不同类型的RAT软件,您的操作系统可能支持一种或多种。远程管理工具(Remote Administration Tools)的使用不仅限于重型计算机。它们也可用于智能手机——再次查看您在做什么、您的位置、您的联系人等。
(Dangers)远程管理工具(Remote Administration Tools)的危险和风险(Risks)
Wikipedia有一个关于远程管理工具的页面,它将RAT与犯罪活动联系起来,而不是将其视为有助于远程管理的工具。我还查看了知名RAT软件的网站。它也谈到了监视他人的计算机和手机。
Ever vigilant, the folks at FireEye have discovered a new RAT breed, evolved from the legal, proprietary WinSpy software. WinSpy is blatantly marketed as a monitoring software that will let you “Start Spying on any PC or Phone within the Next 5 minutes.” Certainly, this is a RAT that walks the legal line. FireEye has discovered, however, that WinSpy has been combined with a Trojan installer to target financial institutions, says Emsisoft.
如果您访问WinSpy主页,您的 IE 智能屏幕会弹出警告。
由此看来,RAT的危害似乎大于好处。在好处方面,我可以看到远程连接到客户端的唯一选项。当然,RAT可以做很多事情:
- 观看(Watch)主机上显示的任何内容
- 向/从主机传输文件/数据
- 使用 shell 命令控制计算机
- 检测到运动时捕获图像
- 将计算机的位置发送(Send)到远程控制设备(RAT客户端)
以上不是远程管理工具可以做什么的完整列表。但是这五点可以告诉你你的脆弱程度。如果您出于自己的目的购买其中一种RAT(RATs),例如监控儿童和/或查看员工如何使用他或她的计算机,您可能会对这些类型的软件的性能感到满意。但是,当您是这种环境中的主体时,RAT会收集您的详细信息并将其发送给世界某个地方的某个人,后者可能会在扫描了他或她想要的所有数据后滥用数据或使您的计算机无法使用。
防止(Prevent)非法使用远程管理工具(Remote Administration Tools)( RAT(RATs) )
- 打开来自未知发件人的电子邮件时要小心,尤其是在单击附件时
- 使用强用户登录密码,因为当您离开计算机时, RAT(RATs)可以物理安装和隐藏。
- 大多数情况下,它是使用木马(Trojan)安装的。自然,您将需要良好的反恶意软件来检测和隔离远程访问木马(Remote Access Trojan),然后它才能将任何类型的脚本安装到您的计算机上。
- 如果您的公司设备上安装了某些RAT软件,请查看远程管理工具可以执行的任务类型。这将帮助您保持警惕。
- 如果您不使用RATS ,请如上所述禁止远程协助连接到您的计算机。(Remote Assistance)
- 始终使用最新且已打补丁的操作系统,以减少偷渡式RAT下载的机会。
现在阅读(Now read):如何避免通过自己的计算机被监视(How To Avoid Being Watched Through Your Own Computer)。
如果您对来自远程管理工具(Remote Administration Tools)的这一新出现的威胁有什么要补充的,请分享。
Remote Administration Tools: Risks, Threats, Prevention
We are not talking about the rodents. RAT stands for Remote Administration Tools. While the intention behind creating such tools was to offer remote support, they are now being increasingly used to spy on others, as well as to control the behavior of others’ computers. A RAT is a boon when you cannot figure out some problem you are facing and the technical support takes over your computer to fix the problem. A RAT is a bane when you do not know all your data is available to “someone” “somewhere” on the globe.
What are Remote Administration Tools (RAT)
Windows too provides remote assistance. If you do not feel the need for a Remote Administration Tool software and want to protect your computer, you start with unchecking the “Allow Remote Assistance connections to this computer” under Remote in System Properties dialog box that appears when you right-click the This PC icon and then select Properties from the resulting context menu. If you need remote assistance, you can ask for it, and enable or disable some of the settings as advised by the technical support.
Though I have mentioned Windows above, I am not limiting the problem/dangers of Remote Administration Tools to any particular operating system. It can be any operating system where someone installed the RAT component on your computer or your smartphone – with or without your knowledge.
There are different types of RAT software and one or more might be supported by your operating system. The use of Remote Administration Tools is not limited to heavy computers. They are also available for smartphones – again to see what you are doing, your location, your contacts, etc.
Dangers & Risks of Remote Administration Tools
Wikipedia has a page on remote administration tools and it associates RAT to criminal activities rather than projecting it as tools helpful in remote administration. I also checked out the website of a reputed RAT software. It too talks about spying on others’ computers and phones.
Ever vigilant, the folks at FireEye have discovered a new RAT breed, evolved from the legal, proprietary WinSpy software. WinSpy is blatantly marketed as a monitoring software that will let you “Start Spying on any PC or Phone within the Next 5 minutes.” Certainly, this is a RAT that walks the legal line. FireEye has discovered, however, that WinSpy has been combined with a Trojan installer to target financial institutions, says Emsisoft.
If you visit the WinSpy home page, your IE smart screen will throw up a warning.
Going by this, it seems that the dangers of RAT are more compared to the benefits. On the benefit side, I can see the only the option of remotely connecting to clients. Of course, there are many things a RAT can do:
- Watch whatever is being displayed on the host computer(s)
- Transfer files/data to/from the host computer(s)
- Control the computer using shell commands
- Capture images when motion is detected
- Send location of the computer to a remote controlling device (the RAT client)
The above is not a complete list of what a remote administration tool can do. But these five points can tell you the extent to which you are vulnerable. If you are buying one of these RATs for your own purpose such as children monitoring and/or to see how an employee is using his or her computer, you may be pleased with the performance of these types of software. But when you are a subject in such an environment, the RAT is collecting your details and sending them to someone somewhere in the world who may later misuse the data or render your computer useless after scanning all the data he or she wants.
Prevent illegal use of Remote Administration Tools (RATs)
- Be careful while opening emails from unknown senders and especially while clicking on attachments
- Use a strong user log-in password, as RATs can be physically installed and hidden when you are away from your computer.
- Most of the time, it is installed using a Trojan. Naturally, you will need good anti-malware software to detect and isolate the Remote Access Trojan before it can install any kind of script onto your computer.
- If some RAT software is being installed on your corporate device, check out the type of tasks the remote administration tools can do. That will help you stay on guard.
- If you don’t use RATS, disallow Remote Assistance connections to your computer as mentioned above.
- Always use an up-to-date and patched operating system to reduce the chances of drive-by RAT downloads.
Now read: How To Avoid Being Watched Through Your Own Computer.
Do share if you have anything to add about this new emerging threat from Remote Administration Tools.