Two interns at Matasano Security exposed security flaws in some of the most widely used remote administration tools,...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
which can supposedly be used to defend against the attackers. Can you explain the RAT security flaws that were discovered and how they can be used for defense purposes?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Remote administration tools (RATs), the common name for the broad category of software tools hackers develop and use for malicious purposes, are a potential weak link in enterprise security, regardless of whether any particular tool was designed for legitimate use or for use in an attack. The fact that some of the most widely used malicious RATs had security flaws is not a surprise, given the immaturity of the software development practices used by most attackers. Some RATs, like BackOrifice and Dameware, were created using more secure software development practices, and the quality of the tools typically reflect that, but for the most part, RATs are not developed using these more sophisticated practices.
The RAT security vulnerabilities discovered by the Matasano interns included SQL injection, unauthorized reading of arbitrary files, vulnerabilities in included third-party files and man-in-the-middle attacks. These attacks could allow an attacker to gain access to the system by exploiting a vulnerability in the RAT, allowing access to a potential new attacker.
Exploiting these vulnerabilities for defensive purposes on internal hosts owned by your enterprise and where your enterprise is responsible for the system is one potential option to remediate the system and defeat an attacker. However, to be clear, many would consider such a tactic to be "hacking back," and such aggressive methods of offensive security are at best highly controversial, and at worst illegal if performed against a system your enterprise doesn't own. A much better option is to use established support tools to remediate a system where one of the vulnerable RATs was installed without authorization. In such cases, the system would most likely be compromised, so you might still need to reimage the system after backing up its data.
Dig Deeper on Security Testing and Ethical Hacking
Related Q&A from Nick Lewis
The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how ...continue reading
The Keydnap malware has the ability to steal passwords stored in the Keychain Access app on Mac systems. Expert Nick Lewis explains how to mitigate ...continue reading
The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.