Pinterest Stumbleupon Whatsapp
Ads by Google

We often write about malware here at MakeUseOf. One of the most perniciously evil types of malware is the “Remote Access Trojan”, or RAT. What separates them from the rest of the malware pack is that once installed, they allow an attacker to remotely control the infected computer from anywhere in the world. This week, Matthew Hughes explains what to do when you’ve been infected with one:

A Reader Writes:

For the past month my computer has been acting strangely. From what I’ve read, I’m pretty sure it’s been infected with a Remote Access Trojan. Obviously, I’m really concerned.

Can you tell me how to remove them, and how I can avoid getting infected in the future?

Matthew’s Reply:

Ouch. Remote Access Trojans are nasty, simply because they allow an attacker to do just that – remotely access your machine from anywhere in the world.

Getting infected with a RAT is just like getting infected with any other piece of malware. The user either downloads the malware by accident, or a vulnerability in an already-installed piece of software allows the attacker to launch a drive-by download. This means the malware can be installed without the user even knowing.

So far, so familiar. But what makes RATs different is what they allow the attacker to do.

A RAT Trojan can allow an attacker watch your screen as you browse through the Internet, and take control of your keyboard and mouse. They can launch (and close) applications as they see fit, and download additional malware. They can even open-and-shut your DVD drive, and surveil you through your own microphone and webcam How Easy Is It For Someone To Hack Your Webcam? How Easy Is It For Someone To Hack Your Webcam? Read More .

Although they’re perhaps one of the lesser-known, and more exotic forms of malware, they’ve been around for a really long time. One of the oldest is Sub7 (or SubSeven), which was first released in the late 90s, and even allowed an attacker to “talk” to the victim through Microsoft’s Text-To-Speech program 5 Ways to Make Your Windows Computer Speak to You 5 Ways to Make Your Windows Computer Speak to You Lean back and listen: let your PC do the reading. Windows comes, built in, with the ability to read text and third-party apps offer additional features. Let us show you the details. Read More .

Ads by Google

sub7

(For the sake of accuracy it’s worth noting that while Sub7 is often – and most notoroiusly – weaponized as a hacking tool, it can also be legitimately used as a remote administration tool.)

The driving motivations behind why people use RATs range from the financial, to the voyeuristic. They’re as sinister as they sound, but they’re easy to defeat when you know how.

Knowing When You’re Infected

So, how do you know when you’ve been infected? Well, a good clue is when your computer is acting strangely.

Does your keyboard or mouse act as though it has a mind of its own? Are words showing up on your screen without you typing them? Is your trackpad or mouse moving on its own accord? In many cases, this could simply be due to those peripherals being damaged. But if it looks deliberate, it could also be the result of a RAT.

keyboard

RAT programs often allow the attacker to use the infected computer’s webcam to capture photos and video of the user. Most webcams have an LED “On” light that indicates when the peripheral is being used. If your webcam is spontaneously – or persistently – turned on, you might have cause for concern. Finally, run a scan of your anti-malware program. If it’s fully up-to-date, odds are good it’ll be able to identify and quarantine the infection.

Regardless of the operating system you use, you absolutely should have anti-malware software installed. There are lots of dependable options for Windows users and OS X aficionados. Linux has a number of really great options The 4 Best Free Linux Anti-Virus Programs The 4 Best Free Linux Anti-Virus Programs Read More , too.

Let’s move on. What can you do if you are infected?

Turn Off the Internet

The first step is, obviously, to disconnect your computer from the Internet.

Turning off the Wi-Fi or unplugging the Ethernet cord is the most immediate and effective way to wrest control of your computer back. It’s the only way you can guarantee they won’t be able to surveil you, or take control of your machine. The moment you disconnect your PC you dis-empower the attacker. It also means the attacker can’t interfere with your attempt to remove the RAT.

ethernet

Of course, this comes with some pretty key disadvantages – namely you’ll struggle to update any anti-malware definitions if you haven’t already.

Fire Up Your Anti-Malware Software

If you’re sensible, you’ve likely already got some anti-malware already installed and updated. Now it’s just a matter of running it, and hoping that it catches whatever’s installed.

If you’re running old definitions, you’re going to need to install updates through another medium. The easiest way is through a USB stick. Most of the major anti-malware packages allow offline updates this way, including Avast, Malwarebyes, Panda, and BitDefender.

Alternatively, you can cleanse your system from a special Linux anti-malware Live CD Three Live CD Antivirus Scanners You Can Try When Windows Won't Start Three Live CD Antivirus Scanners You Can Try When Windows Won't Start Can't boot your computer, and think the problem is malware? Boot a live CD made specifically for scanning your computer without starting Windows. A live CD is a tool that boots completely from a CD... Read More , or through a portable app How Portable Apps Can Make Your Life Easier & Save Resources How Portable Apps Can Make Your Life Easier & Save Resources If you frequently switch computers and have cloud storage space or USB drives to spare, here's an idea: outsource your applications. Read More . One of the best free examples of the latter is ClamWin ClamWin, An Open-Source Anti-Virus Solution For Your PC [Windows] ClamWin, An Open-Source Anti-Virus Solution For Your PC [Windows] New online threats emerge every day, attacking corporations and consumers alike. These potentials threats aren’t disguised just as links or emails anymore. They could be coming for your personal information in all sorts of ways.... Read More .

Wipe Your System

One of the biggest problems with RAT malware is that it gives the attacker complete control of your system. If they want, they can easily install additional malware. There’s also the risk that your chosen anti-malware won’t recognize the RAT on your system. With that in mind, you might be tempted to just wipe your machine and start afresh.

If you’re on Windows 10, that’s pretty simple. Just press Start > Settings > Update & Security > Recovery > Reset This PC.

RAT

Alternatively, you could revert from an earlier system restore point, or reinstall your OS from the original install media.

Prevention is Better Than the Cure

The most effective way to deal with RATs is to not get infected in the first place. I know, it’s easier said than done, but by adopting a few strategies, you drastically improve your odds.

Firstly, ensure you’re running an operating system (OS) that’s fully patched and updated, and continues to receive updates. Make sure all your installed software is similarly current. This includes things like browsers, Flash, Java, Office, and Adobe Reader.

You should also consider installing Faronics Deep Freeze, which can be bought for around $40 online, although is marketed more to enterprises more than individuals. This takes a snapshot of your computer and reverts to it every time the machine is restarted. That means that even if you get infected with a RAT, you need only power cycle to get rid of it. There are a number of free and paid alternatives, too System Restore On Reboot - Deep Freeze Your Windows Installation With Free Tools System Restore On Reboot - Deep Freeze Your Windows Installation With Free Tools If you've ever wanted to maintain a system state to keep it secure and not allow any changes, then you might want to try deep freezing your Windows computer. Read More .

  1. anon
    December 30, 2015 at 11:08 am

    God, that was hard to sit through. I've given you guys the benefit of the doubt but this has to be my last article I read by this website. I could literally hear even the boredom in your tone, its the same shallow material that'sbeenwrittenalready, and I'm pretty sure I've got some kind of adware virus after visiting this advertisement-riddled site. Hopefully writing isn't your day job, maybe I'll check back in a year.

Leave a Reply

Your email address will not be published. Required fields are marked *