The tech acronym “RAT” has two meanings: “remote administration tool,” or the software your friendly network administrator uses to install software or troubleshoot your computer issues, and “remote access trojan,” or the malware a nefarious individual uses to wreak havoc on your computer and steal passwords, credit card numbers, and other sensitive information. For this week’s Tech Time Warp, we’re traveling back to June 2009, when computer users first encountered Prorat, which falls into the latter category.
According to the Microsoft security bulletin on Prorat, the malware opened random TCP ports on the computers it attacked. Then, the trojan communicated which ports were open to a remote server, and in turn the remote server connected to the computer and played sounds, changed printer properties, and downloaded and executed other malware. Prorat was developed in Turkey, and it’s still on the loose today and used as a base for development of other trojans.
One of the earliest RATs was Back Orifice, created by the famous hacking group Cult of the Dead Cow. The malware’s name was a play on Microsoft’s BackOffice server software, and its creators intended it to be an “ethical” RAT. Back Orifice was launched in August 1998 at DEF CON 6 in Las Vegas with the goal of raising awareness of Windows security flaws. Its primary hacker, Josh Buchbinder, went by the handle “Sir Dystic” in tribute to a 1930s comic book character who tried to be sinister but inadvertently did good.
RATs primarily propagate through email attachments or through an invisible download with a game or another program.