Hackers are using software called remote administration tools (RATs) to infect computers, steal intimate photos, watch people through their webcams and listen to conversations.
These hackers are called ratters, and they share their techniques and the photos and information they steal from computers with other ratters in online forums. For some, it’s a game of cat and mouse. For others, it’s a way to find sexually explicit photos and toy with their victims, whom ratters call their slaves.
The website arstechnica.com explained in an article last week how ratters can remotely turn on webcams and surreptitiously watch everything the webcam can see and listen to everything the computer’s microphone can pick up.
The RATs allow the hackers to look through computer files in search of photos and other information. They can also — and often do — use the computer’s software to startle their victims. For instance, a RAT can activate Microsoft’s text-to-speech software on the remote system so that it reads aloud a string of text. It can open a chat window and play notes from a musical instrument or make sounds at a specific frequency.
According to arstechnica.com, RATs can be entirely legitimate.
Security companies have used them to help find and retrieve stolen laptops, for instance, and no one objects to similar remote login software such as LogMeIn. The developers behind RAT software generally describe their products as nothing more than tools which can be used for good and ill. And yet some tools have features that make them look a lot like they’re built with lawlessness in mind.
Some of the hackers’ RAT attacks are vicious, writes malwarebytes.org. Some are just “fun functions” used to mess with the system (and minds) of the victim.
Among the nastier things a RAT can do are:
- Find out all system information, including hardware being used and the exact version of your operating system, including security patches.
- Control all the processes currently running on your system.
- View and modify your registry.
- Modify your hosts file.
- Control your computer from a remote shell.
- Modify your start-up processes and services, including adding a few of its own.
- Execute various types of scripts on your system.
- Modify, view and steal your files.
- Put files of its own on your system.
- Steal your stored password.
- Listen to your microphone.
- Log your keystrokes. (Duh.)
- Scan your network.
- View your network shares.
- Mess with your MSN Messenger, steal your contacts and add new contacts.
- Steal from your clipboard (things you’ve copied).
- Control your printer.
- Lock, restart or shut down your computer.
- Update the implant with a new address to beacon to or new functionality.
Ratters use multiple methods to spread their RATs to other computers. These include drive-by attacks, Warez downloads and social networking sites.
In drive-by attacks, hackers embed a malicious script in a Web page, and the script activates when you visit the page. The script exploits vulnerabilities in the computer’s system software and implants and executes malware without the user’s knowledge.
Warez downloads, or the downloading of illegal/cracked software, often bring along something the user didn’t bargain for: malware tools that give the hackers access to the user’s computer.
Hackers also use social networking sites to send a link to a group of people all at once, in the hope that one or more will click on it.
Once they get into people’s computers, ratters gleefully share their exploits in online hacker forums. According to arstechnica.com, one poster said he had already archived 200GB of webcam material from his slaves.
“Mostly I pick up the best bits (funny parts, the ‘good’ [sexual] stuff) and categorize them (name, address, passwords etc.), just for funsake,” he wrote. “For me I don’t have the feeling of doing something perverted, it’s more or less a game, cat and mouse game, with all the bonuses included. The weirdest thing is, when I see the person you’ve been spying on in real life, I’ve had that a couple of times, it just makes me giggle, especially if it’s someone with an uber-weird-nasty habit.”
“Most of my slaves are boring,” wrote another ratter. “Wish I could get some more girls with webcams. It makes it more exciting when you can literally spy on someone. Even if they aren’t getting undressed!”
To avoid being hacked by ratters, arstechnica.com advises you “take the same precautions that apply to most malware: use a solid anti-malware program, keep your operating system updated, and make sure plugins (especially Flash and Java) aren’t out of date. Don’t visit dodgy forums or buy dodgy items, don’t click dodgy attachments in e-mail, and don’t download dodgy torrents. Such steps won’t stop every attack, but they will foil many casual users looking to add a few more slaves to their collections.”