What is a Remote Administration Tool (RAT)?

Ever felt like your computer was possessed? Or that you aren’t the only one using your tablet? I think I smell a rat. Literally, a RAT. RAT or remote administration tool, is software that gives a person full control a tech device, remotely. The RAT gives the user access to your system, just as if they had physical access to your device. With this access, the person can access your files, use your camera, and even turn on/off your device.

RATs can be used legitimately. For example, when you have a technical problem on your work computer, sometimes your corporate IT guys will use a RAT to access your computer and fix the issue.

Unfortunately, usually the people who use RATs  are hackers (or rats) trying to do harm to your device or gain access to your information for malicious purposes. These type of RATs are also called remote access   as they are often downloaded invisibly without your knowledge, with a legitimate  program you requested—such as a game.

Once the RAT is installed on your device, the hacker  can wreak havoc. They could steal your sensitive information, block your keyboard so you can’t type, install other malware, and even render your devices useless. They  could also

A well-designed RAT will allow the hacker the ability to do anything that they could do with physical access to the device. So remember, just like you don’t want your home infested by rats, you also don’t want a RAT on your device. Here are some tips on how you can avoid  a RAT.

  • Be careful what links you click and what you download. Often times RATs are installed unknowingly by you after you’ve opened an email attachment or visited an software in the background.
  • Beware of P2P file-sharing. Not only is a lot the content in these files pirated, criminals love to sneak in a few malware surprises in there too.
  • Use comprehensive security software on all your devices. Make sure you install a security suite like McAfee LiveSafe™ service, which protects your data and identity on all your PCs, Macs, tablets and smartphones.

Keep your devices RAT free!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Botnets Here, Botnets There, Botnets EVERYWHERE

What are these “botnets” you keep hearing about? Botnets (think roBOT + NETwork—gets you “BOTNET”) are a network of secretly compromised, run-of-the-mill home and office computers that have malicious software—controlled by a solitary hacker or cybercrime ring.

6DHackers use botnets to execute a variety of cybercrimes like page rank sabotage, mass spamming, bitcoin mining, and more. The FBI says there are 18 botnet infections every second worldwide and these infiltrations pose one of the gravest online threats ever. That figure means over 500 million computers a year are infected.

Needless to say, these attacks can occur without the user knowing it. Botnets will swipe the user’s personal and financial data and can result in stolen credit cards, website crashes and even record your keystroke habits.

The FBI is trying fervently to crumble the botnet empire, as this costs billions of dollars in fallout. And botnetting is on the rise. Hackers aren’t just going after Joe Smo’s credit cards, but top government secrets and technology.

This situation is compounded by another facet of the U.S. government using botnets to build up its power. Think NSA, with its pervasive surveillance program. NSA is assuming control over botnet-infected devices, using these for their own purposes.

NSA, in fact, has a legion of “sleeper cells,” according to the document that was leaked by Edward Snowden. These are remote-controlled computers infested with malware, and as of 2012, were on 50,000 networks.

So we have our government fighting to dismantle botnets, yet simultaneously, building up their arsenal with…botnets. So how on earth will this problem ever be mitigated?

It starts with you.

  • Pay attention if you notice that your Internet connection is unusually slow or you can’t access certain sites (and that your Internet connection is not down)
  • Make sure you have comprehensive Antivirus security installed on all your devices.
  • Be careful when giving out your email address, clicking on links and opening attachments, especially if they are from people you don’t know
  • Stay educated on the latest tactics that hackers and scammers use so that you’re aware of tricks they use
  • Keep your devices operating systems critical security patches updated.

Robert Siciliano is an identity theft expert to discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What is a Mobile Botnet?

The word botnet is short for robot network, a group of internet-connected computers that have been infected by a malicious application. The malware allows a hacker to control the infected computers without alerting the computers’ owners. Since the infected computers are controlled remotely, they are known as bots, robots or zombies.

When a virus recruits an infected computer and converts it into a botnet, a criminal hacker is able to remotely control that computer, install other malware and access all the data on that computer. For example, the so-called Zeus botnet malware can collect your banking and login credentials and use them to impersonate you or take money from your account.

Mobile botnets give criminals some advantages over PC-based botnets. First, the devices attach to many different networks, including business networks, making them a good carrier for infecting other devices. Second, the devices can be controlled using text messages, which are small, efficient and always get delivered.

McAfee Labs points out:

Due to their wide choice of hardware, botnets can initiate more types of attacks (voice, video, GPS) and serve as launch pads for infections of other computers via any connection (PC, WiFi, Bluetooth, SD card, USB, etc.).

Keep your device from becoming part of a mobile botnet:

  • Use antimalware, antivirus and antispyware on your mobile device.
  • Often, botnets’ malware comes as part of an app, so only install apps from reputable app stores.
  • Keep an eye on your monthly bill. If you start unexpectedly seeing a spike up in text messages received or data charges, call your carrier to investigate.
  • Install Hotspot Shield VPN. Hotspot Shield VPN is a versatile internet security and privacy solution. In addition to protecting you from dangerous online threats, it also protects your privacy and enables you to access any blocked websites and content.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Think You’re Protected? Think Again!

In 1990, when only the government and a number of universities were using the Internet, there were 357 unique pieces of malware. The need for security began with desktop computing when the only means of compromising data was by inserting a contaminated floppy disk into a PC or opening an infected email attachment. That was the anti-virus era.

The need for security evolved with the Internet as more companies developed internal and external networks. That was the network security era.

Now as companies leverage the power of the web, information security has evolved yet again: We are in the application security era. And as big companies get better at locking down their software and protecting their data, criminals are targeting the little guy. Ordinary citizens’ every day digital lives are at risk via infected web pages, instant messaging, phishing, Smartphone viruses, text message scams and now hackers are targeting Macs in a big way.

In the past 20 years, e-commerce and social media have taken over. The numbers behind the explosive growth of cybercrime are astounding. In a little over two decades, we’ve gone from less than 500 pieces of malware to over 55 million annually. Cybercrime has evolved from nothing to a multibillion-dollar industry.

In 1995, 8069 unique pieces of malware were detected. One out of 20 emails were spam, and the Melissa virus infected hundreds of thousands.

In 2000, 56,342 unique pieces of malware were detected, mostly on PCs, but some began spreading to Macs. Then smartphones got the Cabir virus. The “I Love You” worm slithered its way onto millions of PCs, and the MyDoom worm slowed down the entire Internet by 10%, resulting in loses totaling 38 billion dollars.

In 2005, 164,000 unique pieces of malware were detected, including the first virus for Mac OS X and another 83 mobile viruses. 57 million U.S. adults fell for phishing scams via 17,877 different spoof websites. 80% of all email was spam. The Conficker worm, Zeus Trojan, Koobface, Applescript.THT, Storm botnet, and Ikee iPhone virus all made their debuts this year.

By 2010, 54 million unique pieces of malware were spreading to tablets, too. More than 90% of all email was spam. 27% of teens infected their families’ PCs with viruses in 2010. Almost 420,000 phishing sites were discovered. OpinionSpy, Boonana, and MacDefender infected Macs. Hackers commandeered Skype’s instant messaging service to deliver malware. The Gemini and Zitmo Trojans gathered location data and stole financial transaction information.

But if that’s not enough. In 2010, more than three million malicious websites were created, any one of which could infect your computer.

The question is are you protected? Are you using some free download by an unknown company to protect yourself? Or do you have a comprehensive multi layer approach to digital security protecting all your devices?

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)


Check out this video to learn more about: The History of Malware








Botnets Turn Your PC into A Zombie

A botnet is a group of Internet-connected personal computers that have been infected by a malicious application, which allows a hacker to control the infected computers without alerting the computer owners. Since the infected PCs are controlled remotely by a single hacker, they are known as bots, robots, or zombies.

Consumers’ and small businesses’ lax security practices are giving scammers a base from which to launch attacks. Hackers use botnets to send spam and phishing emails, and to deliver viruses and other malware.

A botnet can consist of as few as ten PCs, or tens or hundreds of thousands. Millions of personal computers are potentially part of botnets.

Spain-based botnet Mariposa consisted of nearly 13 million zombie PCs in more than 190 countries. Further investigation determined that the botnet included PCs from more than half the Fortune 1000. This botnet’s sole purpose was to gather usernames and passwords for online banking and email services.

There are more than 70 varieties of malware, and while they all operate differently, most are designed to steal data. Mariposa’s technology was built on the “Butterfly” botnet kit, which is available online, and which does not require advanced hacking skills to operate.

The criminals in this operation ran the Mariposa botnet through anonymous virtual private network servers, making it difficult for law enforcement to trace back to the ringleaders.

The botnet problem persists. PCs that aren’t properly secured are at risk of being turned into zombies. Certain user behaviors can also invite attacks.

Surfing pornography websites increases your risk, as does frequenting gaming websites hosted in foreign countries. Downloading pirated content from P2P (peer-to-peer) websites is also risky. Remember, there is no honor among thieves.

Computers with old, outdated, or unsupported operating systems like Windows 95, 98, and 2000 are extremely vulnerable. Systems using old or outdated browsers such as IE 5, 6, or older versions of Firefox offer the path of least resistance.

To protect yourself, update your operating system to XP SP3 or Windows 7. Make sure to set your antivirus software to update automatically. Keep your critical security patches up-to-date by setting Windows Update to run automatically as well. And don’t engage in risky online activities that invite attacks.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures