Trojans-ka Helitaanka fog^{(Remote Access Trojans)} ( RAT ) ayaa had iyo jeer caddeeyey inay khatar weyn ku yihiin adduunkan marka ay timaado afduubka kombiyuutarka ama kaliya inaad saaxiib la ciyaarto. RAT waa software xaasidnimo leh oo u ogolaanaya hawlwadeenku inuu weeraro kombayutarka oo uu ka helo meel fog oo aan la ogolayn. RAT-yadu^(RATs) waxay halkan joogeen sanado, wayna ku sii adkaystaan ​​sida helitaanka qaar ka mid ah RAT-yada^(RATs) ay tahay hawl adag xitaa software-ka Antivirus -ka casriga ah ee halkaas ka jira.^(Antivirus)

Maqaalkan, waxaan ku arki doonaa waa maxay Helitaanka Fog ee Trojan^{(Access Trojan)} wuxuuna ka hadlayaa ogaanshaha & farsamooyinka saarista ee la heli karo. Waxa kale oo ay sharraxaysaa, si kooban, qaar ka mid ah RAT-yada caadiga ah sida^(RATs) CyberGate ,^(CyberGate) DarkComet ,^(DarkComet) Optix ,^(Optix) Shark ,^(Shark) Havex ,^(Havex) ComRat ,^(ComRat) VorteX  Rat^{(VorteX Rat)} , Sakula iyo KjW0rm .

Waa maxay marinka fog ee Trojans

Inta badan Trojan-ka Helitaanka Fog^{(Remote Access Trojan)} waxa lagu soo dejiyaa iimaylo xaasidnimo ah, barnaamijyo aan la fasixin iyo isku xirka shabakadda oo aan meelna ku geynin. RAT-yadu^(RATs) ma fududa sida barnaamijyada Keylogger- waxay siiyan weerarka awoodo badan sida:

• Keylogging : furahaaga waa lala socon karaa, waxaana laga heli karaa isticmaalayaasha, furayaasha sirta ah, iyo macluumaadka kale ee xasaasiga ah.
• Qabashada Shaashadda^{(Screen Capture)} : Sawir-qaadasho ayaa la heli karaa si loo arko waxa ku jira kumbuyuutarkaaga.
• Qabashada Warbaahineed Hardware^{(Hardware Media Capture)} : RAT-yadu waxay geli karaan kamaradahaaga mareegaha iyo makarafoonkaaga si ay adiga iyo agagaarkaaga u duubaan si gebi ahaanba ku xad-gudbay arrimaha gaarka ah.
• Xuquuqda Maamulka^{(Administration Rights)} : Weeraryahanku waxa laga yaabaa inuu beddelo goob kasta, wax ka beddelo qiyamka diiwaangelinta oo uu wax badan ku sameeyo kombayutarkaaga fasax la'aanteed. RAT waxay siin kartaa mudnaanta heerka maamule qofka weerarka geystay.
• Overclocking : Weeraryahanku wuxuu kordhin karaa xawaaraha processor-ka, xad dhaafka nidaamka wuxuu dhaawici karaa qaybaha qalabka oo ugu dambeyntii ku gubi dambaska.
• Awoodaha kale ee nidaamka-gaarka ah^{(Other system-specific capabilitie)} s: Weerarku wuxuu geli karaa wax kasta oo ku jira kombiyuutarkaaga, faylashaada, ereyada sirta ah, sheekaysiga iyo wax kasta.

Siday u shaqeeyaan marinka fogaanta Trojans

Helitaanka fog ee ^{(Remote Access)} Trojans waxay ku yimaadaan qaabeynta macmiilka-server halkaasoo server-ku si qarsoodi ah loogu rakibay PC dhibbanaha, macmiilka waxaa loo isticmaali karaa in lagu galo kombuyutarka dhibbanaha iyada oo loo marayo GUI ama interface interface. Xidhiidhka u dhexeeya server-ka iyo macmiilka ayaa laga furay deked gaar ah, iyo xidhiidh qarsoodi ah ama cad ayaa ka dhex dhici kara serverka iyo macmiilka. Haddii shabakada iyo baakadaha la soo diray/helay si sax ah loola socdo, RAT-yada^(RATs) waa la aqoonsan karaa waana laga saari karaa.

Kahortagga weerarka RAT

RAT-yadu^(RATs) waxay u maraan kombuyuutarrada emails-ka spamka ah^{(spam emails)} , software si xaasidnimo leh loo qorsheeyay ama waxay ka soo buuxaan qayb ka mid ah software ama codsi kale. Waa inaad had iyo jeer haysataa barnaamij ka hortag ah oo wanaagsan oo lagu rakibay kombiyuutarkaaga kaas oo ogaan kara oo baabi'in kara RATs^(RATs) . Helitaanka RAT-yada^(RATs) waa hawl aad u adag maadaama lagu rakibay magac random ah oo u ekaan kara codsi kasta oo kale oo caadi ah, markaa waxaad u baahan tahay inaad haysato barnaamij ka hortag ah oo aad u wanaagsan taas^(Antivirus) .

La socodka shabakadaada^{(Monitoring your network)} waxay sidoo kale noqon kartaa hab wanaagsan oo lagu ogaado Trojan kasta oo u soo diraya xogtaada gaarka ah internetka.

Haddii aadan isticmaalin Aaladaha Maamulka Fog^{(Remote Administration Tools)} , dami ku xidhidhiyaha Kaalmada Fog ee^{(disable Remote Assistance connections)} kombiyuutarkaaga. Waxaad ka heli doontaa goobta nidaamka ' SystemProperties > Remote tab > Uncheck Kaalmada^{(Allow Remote Assistance connections to this computer)} Fog ee xulashada kombayutarkan .

Ka dhig nidaamkaaga qalliinka, software ku rakiban iyo gaar ahaan barnaamijyada amniga kuwa la cusboonaysiiyay^{(security programs updated)} mar walba. Sidoo kale, isku day inaadan gujin iimaylada aadan ku kalsoonayn oo ka yimid meel aan la garanayn. Ha kala soo degin wax software ah ilo aan ka ahayn shabakadeeda rasmiga ah ama muraayadda.

Kadib weerarkii RAT

Marka aad ogaato in lagu soo weeraray, tallaabada ugu horreysa waa in aad ka saarto nidaamkaaga internetka^(Internet) iyo Shabakadda^(Network) haddii aad ku xiran tahay. Beddel^(Change) dhammaan furahaaga sirta ah iyo macluumaadka kale ee xasaasiga ah oo hubi haddii mid ka mid ah akoonnadaada la jabsaday addoo isticmaalaya kombiyuutar kale oo nadiif ah. Ka hubi akoonnada bangigaaga wixii macaamilo khiyaano ah oo isla markiiba bangigaaga u sheeg Trojan -ka ku jira kombiyuutarkaaga. Ka dib ka baadh kumbuyuutarka arrimaha oo raadso caawimo xirfadle ah si aad uga saarto RAT . Ka fiirsada xidhitaanka Dekedda 80^{(Port 80)} . Isticmaal Sawirka Dekadda Firewall si aad u hubiso dhammaan Dekadahaaga.

Waxaad xitaa isku dayi kartaa inaad dib-u-raacdo oo aad ogaato cidda ka dambeysay weerarka, laakiin waxaad u baahan doontaa caawimo xirfadle ah taas. RAT-yada inta badan waa laga saari karaa marka la ogaado, ama waxaad yeelan kartaa rakib cusub oo Windows ah si aad gabi ahaanba u saarto.

Trojans-ka Helitaanka Fog ee Caadiga ah

Qaar badan oo ka mid ah Trojans Helitaanka^{(Remote Access)} Fog ayaa hadda shaqaynaya oo malaayiin qalab ah saameeya. Kuwa ugu caansan ayaa halkan looga hadlayaa maqaalkan:

1. Sub7 : 'Sub7' waxaa laga soo qaatay higgaadda NetBus ( RAT ka weyn ) gadaal waa qalab maamul fog oo bilaash ah kaasoo kuu ogolaanaya inaad maamusho PC-ga martida loo yahay. Qalabka waxaa loo kala saaray Trojans by khubaro dhanka ammaanka ah, waxayna noqon kartaa halis in lagu hayo kombayutarkaada.
2. Back Orifice : Back Orifice iyo qofka ku xiga Back Orifice 2000^{(Back Orifice 2000)} waa qalab bilaash ah oo markii hore loogu talagalay maamulka fog - laakiin ma aysan qaadan wakhti in qalabku uu u beddelo Trojan a Remote Access^{(Access Trojan)} . Waxaa jiray muran ah in qalabkani uu yahay Trojan , laakiin horumariyayaashu waxay ku taagan yihiin xaqiiqda ah inay tahay qalab sharci ah oo bixiya helitaanka maamulka fog. Barnaamijku hadda waxa loo aqoonsaday inuu yahay malware inta badan barnaamijyada antivirus.
3. DarkComet : Waa aalad maamul fog oo aad loo fidin karo oo leh astaamo badan oo suurtagal ah in loo adeegsado basaasnimada. Qalabkan ayaa sidoo kale xiriir la leh dagaalka sokeeye ee^{(Civil War)} Suuriya halkaas oo la sheegay in dowladdu ay^(Government) u adeegsatay qalabkan si ay u basaasto dadka rayidka ah. Qalabka ayaa mar hore si xun loo isticmaalay, horumariyayaashuna waxay joojiyeen horumarinteeda dheeraadka ah.
4. shark : Waa qalab maamul fog oo horumarsan. Looma jeedo kuwa bilawga ah iyo kuwa jabsada hiwaayadda. Waxaa la sheegay in ay tahay qalab loogu talagalay xirfadlayaasha amniga iyo isticmaalayaasha horumarsan.
5. Havex : Trojankan ayaa si weyn loogu isticmaalay ka dhanka ah waaxda warshadaha. Waxay ururisaa macluumaadka ay ku jiraan joogitaanka Nidaam kasta oo Xakamaynta Warshadaha^{(Industrial Control System)} ka dibna waxay u gudbisaa macluumaad isku mid ah mareegaha fogfog.
6. Sakula : Waa ^(Sakula)Trojan -ka fog ee ka soo gala rakibe aad dooratay. Waxay muujin doontaa inay ku rakibayso qalab kombuyuutarkaaga laakiin waxay ku rakibaysaa malware-ka.
7. KjW0rm : Trojan -kan wuxuu ku yimaadaa iyadoo ay ka buuxaan awoodo badan laakiin mar horeba waxaa lagu calaamadeeyay khatar qalabyo badan oo Antivirus ah.

Trojan-kan Helitaanka Fog^{(Remote Access Trojan)} ayaa ka caawiyay dad badan oo jabsaday inay jabsadaan malaayiin kombuyuutar ah. Inaad ka hortagto qalabkani waa waajib, iyo barnaamij wanaagsan oo ammaan ah oo leh isticmaale feejignaan ayaa ah waxa ay ku qaadaneyso si looga hortago in Trojans-ka ay waxyeeleeyaan kombiyuutarkaaga.

Boostada waxaa loogu talagalay inay noqoto maqaal macluumaad leh oo ku saabsan RATs oo sinaba uma dhiirrigeliso isticmaalkooda. Waxaa laga yaabaa inay jiraan sharciyo sharci ah oo ku saabsan isticmaalka qalabkan oo kale gudaha dalkaaga, xaalad kasta.

Ka akhri wax badan oo ku saabsan Aaladaha Maamulka Fog-fog^{(Remote Administration Tools)} halkan.

What is Remote Access Trojan? Prevention, Detection & Removal

Remote Access Trojans (RAT) have always proved to be a big risk to this world when it comes to hijacking a computer or just playing a prank with a friend. A RAT is malicious software that lets the operator attack a computer and gain unauthorized remote access to it. RATs have been here for years, and they persist as finding some RATs is a difficult task even for the modern Antivirus software out there.

In this post, we will see what is Remote Access Trojan and talks about detection & removal techniques available. It also explains, in short, some of the common RATs like CyberGate, DarkComet, Optix, Shark, Havex, ComRat, VorteX Rat, Sakula and KjW0rm.

What are Remote Access Trojans

Most of the Remote Access Trojan are downloaded in malicious emails, unauthorized programs and web links that take you nowhere. RATs are not simple like Keylogger programs – they provide the attacker with a lot of capabilities such as:

• Keylogging: Your keystrokes could be monitored, and usernames, passwords, and other sensitive information could be recovered from it.
• Screen Capture: Screenshots can be obtained to see what is going on your computer.
• Hardware Media Capture: RATs can take access to your webcam and mic to record you and your surroundings completely violating privacy.
• Administration Rights: The attacker may change any settings, modify registry values and do a lot more to your computer without your permission. RAT can provide an administrator-level privileges to the attacker.
• Overclocking: The attacker may increase processor speeds, overclocking the system can harm the hardware components and eventually burn them to ashes.
• Other system-specific capabilities: Attacker can have access to anything on your computer, your files, passwords, chats and just anything.

How do Remote Access Trojans work

Remote Access Trojans come in a server-client configuration where the server is covertly installed on the victim PC, and the client can be used to access the victim PC through a GUI or a command interface. A link between server and client is opened on a specific port, and encrypted or plain communication can happen between the server and the client. If the network and packets sent/received are monitored properly, RATs can be identified and removed.

RAT attack Prevention

RATs make their way to computers from spam emails, maliciously programmed software or they come packed as a part of some other software or application. You must always have a good antivirus program installed on your computer that can detect and eliminate RATs. Detecting RATs is quite a difficult task as they are installed under a random name that may seem like any other common application, and so you need to have a really good Antivirus program for that.

Monitoring your network can also be a good way to detect any Trojan sending your personal data over the internet.

If you don’t use Remote Administration Tools, disable Remote Assistance connections to your computer. You will get the setting in SystemProperties > Remote tab > Uncheck Allow Remote Assistance connections to this computer option.

Keep your operating system, installed software and particularly security programs updated at all times. Also, try not to click on emails that you don’t trust and are from an unknown source. Do not download any software from sources other than its official website or mirror.

After the RAT attack

Once you know you’ve been attacked, the first step is to disconnect your system from the Internet and the Network if you are connected. Change all your passwords and other sensitive information and check if any of your accounts has been compromised using another clean computer. Check your bank accounts for any fraudulent transactions and immediately inform your bank about the Trojan in your computer. Then scan the computer for issues and seek professional help for removing the RAT. Consider closing Port 80. Use a Firewall Port Scanner to check all your Ports.

You can even try to back-track and know who was behind the attack, but you’ll need professional help for that. RATs can usually be removed once they are detected, or you can have a fresh installation of Windows to completely remove it off.

Common Remote Access Trojans

Many Remote Access Trojans are currently active now and infecting millions of devices. The most notorious ones are discussed here in this article:

1. Sub7: ‘Sub7’ derived by spelling NetBus (an older RAT) backward is a free remote administration tool that lets you have control over the host PC. The tool has been categorized into Trojans by security experts, and it can be potentially risky to have it on your computer.
2. Back Orifice: Back Orifice and its successor Back Orifice 2000 is a free tool that was originally meant for remote administration – but it didn’t take the time that the tool got converted into a Remote Access Trojan. There has been a controversy that this tool is a Trojan, but developers stand upon the fact that it is a legitimate tool that provides remote administration access. The program is now identified as malware by most of antivirus programs.
3. DarkComet: It is a very extensible remote administration tool with a lot of features that could be potentially used for spying. The tool also has its links with the Syrian Civil War where it is reported that the Government used this tool to spy on civilians. The tool has already been misused a lot, and the developers have stopped its further development.
4. sharK: It is an advanced remote administration tool. Not meant for beginners and amateur hackers. It is said to be a tool for security professionals and advanced users.
5. Havex: This trojan has been extensively used against the industrial sector. It collects information including the presence of any Industrial Control System and then passes on the same information to remote websites.
6. Sakula: A remote access Trojan that comes in an installer of your choice. It will depict that it is installing some tool on your computer but will install the malware along with it.
7. KjW0rm: This Trojan comes packed with a lot of capabilities but already marked as a threat by many Antivirus tools.

These Remote Access Trojan have helped many hackers compromise millions of computers. Having protection against these tools is a must, and a good security program with an alert user is all it takes to prevent these Trojans from compromising your computer.

This post was meant to be an informative article about RATs and does not in any way promote their usage. There may be some legal laws about the usage of such tools in your country, in any case.

Read more about Remote Administration Tools here.

Related posts

• Weerarada Nuglaanta Afduubka DLL, Kahortagga & Ogaanshaha

• Aaladaha Maamulka Fog: Khataraha, Hanjabaadaha, Kahortagga

• Bundleware: Qeexid, Kahortag, Hagaha saarista

• Afduubka Browser-ka iyo Aaladaha Ciribtirka Af-duubaha Biraawsarkaaga

• Aaladaha ka saarida Malware ee bilaashka ah si meesha looga saaro Virus gaar ah Windows 11/10

• Sidee Microsoft u aqoonsataa Malware & Codsiyada aan la rabin ee suurtogalka ah

• Sida looga saaro Digniinta Virus-ka Microsoft ee Windows PC

• NeoRouter waa gelitaanka fog ee qaabaynta eber & xalka VPN

• TeamViewer: Gelida Fog ee Bilaashka ah iyo Software ka ilaalinta

• Waa maxay IDP.generic fayraska iyo sida loo saaro?

• Sida loo isticmaalo Avast Boot Scan si looga saaro Malware-ka Windows PC

• Deji chrome Remote Desktop si aad meel fog uga gasho PC kasta

• Sida loo hubiyo in faylku xaasid yahay iyo in kale Windows 11/10

• Sida loo dejiyo DNS Dynamic Free si aad u hesho meel fog kombuyuutarkaaga

• Waa maxay dambiyada internetka? Sidee wax looga qabtaa?

• Waa maxay CandyOpen? Sidee looga saaraa CandyOpen Windows 10?

• Weerarada Cyber ​​- Qeexid, Noocyada, Ka Hortagga

• Soo-gudbinta Malware: Halkee loo gudbiyaa faylasha malware-ka Microsoft iyo kuwa kale?

• Ku Habee Qufulka Koontada Helitaanka Fog ee Windows Server

• Waa maxay Rootkit? Sidee buu u shaqeeyaa Rootkits? Rootkits ayaa sharaxay.