Remote Access Trojans have become a serious security concern as hackers have developed more sophisticated code that can be installed and hidden on a target system, unknown to the user. According to UMUC (n.d.) Remote Access Trojans are a form of backdoor that can provide unauthorized access and use of digital assets on a victim’s computer system. It essentially masquerades as a legitimate application. They allow hackers to perform a number of malicious tasks such as stealing information from a system, or installing other malicious software.
Earlier this month a sophisticated Remote Access Trojan resurfaced after more than a decade since it was first released. Whittaker (2017). The malicious code in question called ‘Hacker’s Door’ that draws similarities to a RAT of the same name that first appeared in 2004. The new version includes both backdoor and rootkit functionality and was initially detected in the aerospace industry. Security experts are working on determining the potential damage this RAT could cause in the months ahead.
According to UUFIX (2017), a forensic investigator may use a number of methods in order to identify a potential RAT program. Viewing running processes, checking startup applications, and inventorying a list of all installed programs are some steps an investigator might take. I addition to this checking internet connection speeds and using third party forensics scanning software will also aid in the detection of RAT programs.
UMUC (n.d.). Cybercrime Investigation and Digital Forensics. Retrieved from: https://learn.umuc.edu/content/enforced/248542-026828-01-2178-GO1-9046/CSES-650/CSES-650-week8/sco_content/en/resources/csec650_M08.pdf
UUFX (2017). Remote Access Trojan (RAT) – How to Detect and Remove it? Retreived from: http://guides.uufix.com/remote-access-trojan-rat-how-to-detect-and-remove-it
Whittaker, Z. (2017). Chinese backdoor malware resurfaces after more than a decade. ZDNet. Retrieved from: http://www.zdnet.com/article/chinese-backdoor-malware-resurfaces-after-more-than-a-decade