
Is Your Computer Infested With RATS?

by Ira Wilsker
Golden Triangle PC Club
From the April 2004 issue of the I/O Port Newsletter

In previous columns I have referred to Spam mail, that unsolicited junk mail that most of us receive in droves, as the bane of the internet. Also, in other columns, I have warned about the privacy and security issues that spyware and Trojans pose to our happy computing. Sadly, in recent months, the authors of some of the Trojans and worms (Trojans and worms are malicious programs that can be unknowingly installed on our computers by email, websites, or by an insecure internet or network connection) have found another way to financially capitalize on their fiendish work. In the past, Trojans and worms have been used to attack other computers, steal our identity, capture our passwords and user names, place pop-up ads on our screens, redirect our online searches, change our home or startup page, intercept our online purchases, and other fiendish activities. Recently another nefarious type of Trojan or worm has become very common, the RAT or Remote Access Trojan.

What makes the RAT so nasty is that it turns our computers, mostly those of us with broadband or other high-speed internet connections, into mass spam-emailing machines, without our knowledge. According to recent claims published by a variety of anti-spam and anti-virus companies, between one-third and two-thirds of all of those pesky email ads that we receive touting everything from get-rich-quick scams, to personal physical enhancement products, to pornography may actually be sent by our personal computers to the recipients, utilizing our internet connections and bandwidth, rather than from some spammer. In fact, we may innocently become the purveyors of billions of spam emails every day!

The RAT may get onto your computer by a variety of means. Some are either piggybacked on, or included as the payload of, a virus targeting our computers. These viruses can infect our computers if our antivirus software has not yet been updated to protect against this attack. Other RATs can be placed on our computers by a script file unknowingly run when we visit a website with the hidden payload. Still other RATs can infect our machines through open ports or entry points on our internet connection that are either unprotected by a firewall, or intentionally opened through our firewalls by either a virus or a legitimate program. Recently, there has been an epidemic of RAT infestations via peer-to-peer file sharing programs such as KaZaA, Morpheus, and other such utilities that by design allow for the exchange of data through the open ports on our internet connections.

Once our computers host one or more of these vermin, the RAT signals one or more spammers' computers that your computer is now available to broadcast spam. The spammer can either send an email list to the RAT on your computer over the open internet connection, or hijack any address books or other email lists on your computer. The spammer also sends the message to the RAT, which compiles the emails and then sends them out over your connection, using the RAT's integral email utility. The RAT does not use the regular email program on your computer, and will leave little evidence that it has sent out bulk emails from your machine, other than possibly a slower than normal or more active than normal internet connection, due to the bandwidth consumed by the RAT when sending out the spam emails.
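One way to look for the symptom described above, as an added example that is not part of the original column: flag any program other than your regular mail program that is connecting to mail servers (SMTP, port 25) on several different hosts. The line format, the program names and the sample connection list are constructed for illustration.

```python
from collections import defaultdict

SMTP_PORT = 25
# Assumption: the mail programs this user actually runs.
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample, one connection per line:
#   <program> <local ip:port> <remote ip:port> <state>
SAMPLE = """\
outlook.exe 192.168.1.10:1045 203.0.113.5:25 ESTABLISHED
iexplore.exe 192.168.1.10:1050 198.51.100.7:80 ESTABLISHED
svch0st.exe 192.168.1.10:1101 198.51.100.20:25 ESTABLISHED
svch0st.exe 192.168.1.10:1102 198.51.100.21:25 SYN_SENT
svch0st.exe 192.168.1.10:1103 203.0.113.77:25 ESTABLISHED
not a connection line
"""

def parse(line):
    """Return (program, remote_host, remote_port), or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    program, _local, remote, _state = parts
    host, sep, port = remote.rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return program.lower(), host, int(port)

def suspicious_mailers(text, min_hosts=2):
    """Map each non-mail program to the mail servers it is talking to.

    A regular mail program talks to one or two servers; a spam relay
    talks to many, so only programs reaching min_hosts or more distinct
    hosts on port 25 are reported.
    """
    hosts = defaultdict(set)
    for line in text.splitlines():
        record = parse(line)
        if record is None:
            continue  # skip headers and anything unparseable
        program, host, port = record
        if port == SMTP_PORT and program not in KNOWN_MAIL_CLIENTS:
            hosts[program].add(host)
    return {p: sorted(h) for p, h in hosts.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for program, servers in suspicious_mailers(SAMPLE).items():
        print(f"{program}: mail connections to {len(servers)} hosts: {servers}")
```
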

Using a RAT to distribute spam not only hides the true source of the spam and the real identity of the spammer, but also makes it more difficult for the better spam filters to remove this spam, because it comes from an otherwise legitimate source, your computer. This may create problems for you, the internet subscriber. Many spam filters report back to the offender's ISP (Internet Service Provider) that their customer was the source of the spam, resulting in a warning to the unsuspecting computer user, or worse, a discontinuance of the service. A spam filter may also enter the IP address of the user (a unique numerical address assigned to every computer connected to the internet) onto many of the blacklists or databases maintained by anti-spam services, blocking legitimate email from you, the user of the RAT-infected computer.

It is important that we all try to kill any RATs that may be infesting our computers. First, we all need updated antivirus software on our computers, and we need to frequently scan our computers for viruses with our updated software. A good check would also be to use one of the several free online virus scans, such as the one at housecall.antivirus.com. Another thing we can do to detect and kill RATs is to install, frequently update, and frequently run a decent spyware detector and killer. My personal favorite, and one recently top-rated by several computer magazines, is the free Spybot Search and Destroy, available for download at www.safer-networking.org. A good free-standing firewall, such as Outpost or Zone Alarm (both available in free and commercial versions), or the firewalls bundled with many of the newer versions of commercial antivirus software, can make a RAT less likely to infest your computer. The firewall built into Windows XP is usually ineffective at preventing a RAT infestation.

Check your computer, and kill any RATs found living in it, and help reduce spam!







Tulsa Computer Society 4/01/2004
Don Singleton, President