RAT (remote access Trojan)

A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.

Because a RAT enables administrative control, it makes it possible for the intruder to do just about anything on the targeted computer, including:

• Monitoring user behavior through keyloggers or other spyware.
• Accessing confidential information, such as credit card and social security numbers.
• Activating a system's webcam and recording video.
• Taking screenshots.
• Distributing viruses and other malware.
• Formatting drives.
• Deleting, downloading or altering files and file systems.

The Back Orifice rootkit is one of the best known examples of a RAT. A hacker group known as the Cult of the Dead Cow created Back Orifice to expose the security deficiencies of Microsoft's Windows operating systems.

RATs can be difficult to detect because they usually don't show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn't alert the user that something's amiss.

To protect your system from RATs, follow the same procedures you use to prevent other malware infections: Keep antivirus software up to date and refrain from downloading programs or opening attachments that aren't from a trusted source. At the administrative level, it's always a good idea to block unused ports, turn off unused services and monitor outgoing traffic.

RAT also stands for remote administration tool.

Learn More About IT:
> Roger A. Grimes wrote a comprehensive guide on how to detect and exterminate RATs.
> Ed Hurley explains why RATs warrant attention.

Learn more about Malware, Viruses, Trojans and Spyware

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT Increase in Gumblar backdoors poses FTP credential problems Security Researcher explains how to detect the Trojan, but many victimized website owners don't have the technical expertise to fix the problem. Hackers to sharpen malware, malicious software in 2010 Symantec researchers predict an increase in attacks using social network architectures, third-party applications and URL shortening services. iPhone worm Rickrolls jailbroken phones The ikee worm uses SSH default passwords to hack the smartphone and change the wallpaper to a Rick Astlee photo.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself... directory traversal  (SearchSecurity.com) Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the...