What is a LeGend RAT?
When the internet was still young, it was common for kids to scare their friends by controlling their PCs remotely. They would eject the CD tray, swap the mouse buttons, or change the desktop colors. To the unwitting user, it looked like a ghost was taking over the machine.
Those were the years that marked the birth of remote access Trojans (RATs), malicious software that allows an attacker to gain unauthorized access to a victim’s computer over the internet. RATs are typically installed without user consent and remain hidden to avoid detection.
These things set them apart from a benign type of software with a somewhat similar name, Remote Access/Administration Tool. This category includes computer programs such as TeamViewer or LogMeIn that are legitimately used by system administrators, as well as teenagers trying to fix their grandparents’ PCs.
It’s the malicious remote access software that interests security researchers Satya Sahu and Sebastian García at the Czech Technical University in Prague. The two have spent the last few years trying to analyze the evolution of this type of malware, studying no less than 337 well-known families, looking at things such as functionalities, quality of the software, and purpose.
Satya said during a Virus Bulletin presentation that the number of RAT families grew rapidly in recent years. She counted more than 250 RATs that surfaced as opposed to just 70 in the 2000s. “The number of RATs really, really took off,” Satya said. “While most of the previous ones were focusing on Windows, we saw some diversity—other platforms like Mac, Linux, and Android were being supported.”
While ransomware families come and go, RATs are known for their longevity and reemergence, says another researcher, Satya, the director of operational outcomes for Insikt Group at Recorded Future. “Some of the RATs have been out for ten years now, and they’re still getting used,” she says. “They kind of go down a little bit, and then they come back.”
RATs have become essential for any type of cybercriminal activity, being used by cybercriminals, nation-state hackers, as well as stalkers. The market has matured. RATs have come a long way since on Windows computers and launched this new chapter in computer security history.
The oldest legitimate remote access software was built when tools such as NetSupport appeared. Soon after that, in 1996, their first malicious counterparts were created. NokNok and D.I.R.T. were among the first, followed by NetBus, Back Orifice and SubSeven.
These tools were built for amusement or just to show that it can be done. Yet, they were “innovative and disruptive.” NetBus, for instance, and its name, translated from Swedish, means “NetPrank.”
The developer claimed he didn’t want NetBus to be used maliciously, saying it was “a legit remote admin tool,” security researcher Seth Kulakow wrote in a paper he published with the Masterscyber Institute. “However, if you didn’t already figure it out, it is still a very nice tool to use for the other purpose.”
“For me it was unbelievable,” Eriksson told Swedish publication Expressen. The media scandal that followed forced him to leave the country, and although he was acquitted in 2004, the damage was considerable. “I can never get back the lost years,” Eriksson said.
NetBus inspired others, including the infamous Sub7 or SubSeven. As a matter of fact, it is believed that Sub7 is NetBus spelled backward, with the “ten” replaced by “seven.” SubSeven, allegedly built by mobman, took the game to a whole new level. It reached global popularity, and its features clearly set it apart from the legitimate remote access tool. SubSeven could be used, for instance, to steal passwords and hide its identity, things a reasonable system administrator shouldn’t do.
“Once SubSeven is installed, hackers can initiate attacks that range from mildly irritating to extremely detrimental,” wrote security researcher Jamie Crapanzano in his paper Deconstructing SubSeven, the Trojan Horse of Choice. “[T]he more notable capabilities provided by SubSeven are the ability to restart Windows on the victim’s computer, reverse mouse buttons, record sound files from the microphone attached to the compromised machine, record images from an attached video camera, change desktop colors, open/close the CD-ROM drive, record screen shots of the victim’s computer and turn the victim’s monitor off/on,” Crapanzano wrote.
Yet, it wasn’t all about having fun. Around that time, other hackers claimed they built RATs to make a statement. The Cult of the Dead Cow created Back Orifice, a name that takes inspiration from Microsoft’s BackOffice Server software.
Back Orifice was mostly the work of Josh Buchbinder, a hacker better known as a handle based on a comic book character from the 1930s. This character tries to do evil things “but always bungles it and ends up doing good inadvertently,” Buchbinder said in the movie Disinformation.
The Cult of the Dead Cow members launched Back Orifice at DEF CON 6 in Las Vegas in August 1998, and said it was meant to raise awareness of security flaws found in Microsoft software. “Our position is that Windows is a fundamentally broken product,” said Death Veggie, the Cult’s minister of propaganda.
At the end of the 1990s, there were at least 16 RATs, security researcher Valeros says. During the next decade, however, malware authors focused less on the fun factor and more on making money.