RATS Vs. TROJANS
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: RATS Vs. TROJANS

  1. #1
    Member
    Join Date
    Sep 2005
    Posts
    77

    RATS Vs. TROJANS

    Gotta ask a quick question....
    and I apologize off the bat about this rant... had to get it off my chest.
    I cringe each time I read the word RAT in the IT sense.

    Over the past few months, I have seen people out of the blue start using the term RATS as opposed to just TROJAN.

    Whats the difference?

    RAT is a buzz word that has sprung up.... Remote Access Trojan...

    But a Trojan is loosly defined as Client Server software... of which the server is often installed in a sneaky/stealthy manner.

    Given that.... Client Server definition... that implies that the server is going to be accessed by a client... remotely.

    I recently read an article on RATS on the front page of MSN's website and it was titled something to the effect of "Move over Phishers, make way for RATS".
    The article more or less made it seem that TROJANS are some new threat... and that they can keylog, capture banking passwords...etc.
    HELL... Keylogging (among a ton of other features)has been included in trojans for YEEEARS! So why all the hype now? And why the new name? REMOTE ACCESS TROJAN... its like saying "Air Traversing PLANE"... we already know it flys through the air.

    Is this just media causing a stir or am I missing something?
    %42%75%75%75%75%72%70%21%00

  2. #2
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    Hello,

    To be honest, this is the first time I have even heard of the term RAT, so I looked into it. I found the following Abstract from Virus Bulletin: http://www.virusbtn.com/conference/v...nistration.xml

    That link however is just to the abstract of that study of course. It might be a good start. I am curious too though and am interesting in hearing others opinions.

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    RAT can also mean Remote Administration Tool and I think that has traditionally be used to differentiate between a trojan and a tool used by an admin for legit purposes, eventhough they do the same thing in essence.

    As for the media, they revive old stores all the time in an attempt to cause FUD (fear, uncertainty, doubt) amongst their readership since it sells more.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    It's my understanding...that a Trojan is a program that masks what it's doing on your computer by pretending to be something else...it in effect operates automatically...

    whereas a RAT is a trojan that gives a hacker/cracker/scriptkiddie ( use the term you want ) direct access to your computer as an administrator.

    One is a program that is installed and the other is a door for access.

    Eg

  5. #5
    Member
    Join Date
    Sep 2005
    Posts
    77
    MsMittens - I think you are correct in saying that it might also mean Remote Administration Tool.
    But lets look at the original releases of Back Orifice. It was used by some for legit remote administration (via Command line interface - no gui) We all know Back Orifice is a popular Trojan.

    Egaladeist - Your understanding as well is correct. There are actually several variations in the definition for Trojan, but the common theme being "A trojan is designed to operate with functions unknown to the victim often disquised as useful software...."

    a section taken from wikipedia:
    The kind of undesired functions are not part of the definition of a Trojan Horse; they can be of any kind, but typically they have malicious intent.

    In practice, Trojan Horses in the wild often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer, unbeknownst to the owner, to be remotely controlled from the network
    I will definitely agree with MsMittens regarding the Media ... and that reviving old fears or simply creating new ones sells more.
    %42%75%75%75%75%72%70%21%00

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    MsMittens - I think you are correct in saying that it might also mean Remote Administration Tool. But lets look at the original releases of Back Orifice. It was used by some for legit remote administration (via Command line interface - no gui) We all know Back Orifice is a popular Trojan.
    And it was designed originally for legit purposes, as a direct challenge to what Microsoft had (I think it was SMS or something like that) and what they were charging in addition to server costs. Any tool released (e.g., nmap) can be used for both malicious and legit reasons -- it all boils down to intent.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    There's some overlap in both definitions. A RAT can be both a remote access tool and a remote access trojan. Just had a case last week where I installed WinVNC in a client's computer only to have it picked up by AOL's antispyware as a RAT, replete with warnings and all. One of my favorite remote access tools is Remote Administrator, which I believe has been cracked so as to be incorporated in a few trojans. And not-so-oddly enough, Spybot picks up legitimately installed copies of Radmin (short for Remote Administrator) as a RAT.

    Yeah, it gets confusing...this is a fast-moving environment that often defies definition....
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  8. #8
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    RATS is also the name of a code auditing tool.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  9. #9
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Ive never heard of a RAT meaning a Remote Access Trojan - if you think about it, it does not make sence, .....Remote - Access - Trojan.....how the hell else are you gonna access a trojan!


    AFAIK a RAT has always been a Remote Admin Tool.



    Where are you looking that calles it a RA[Trojan]
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  10. #10
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    RAT, or RAT...same difference, eh?

    http://www3.ca.com/Solutions/Collate...?CID=37734&ID=

    And this one from M$...

    http://www.microsoft.com/technet/sec.../virusrat.mspx

    Obviously there's a lot of confusion around the terminology when apps like Spybot and AOL's antispyware detect legit tools like radmin and VNC as "trojans".
    “Everybody is ignorant, only on different subjects.” — Will Rogers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •