RATS Vs. TROJANS

[Eyecre8]

Gotta ask a quick question....
and I apologize off the bat about this rant... had to get it off my chest.
I cringe each time I read the word RAT in the IT sense.

Over the past few months, I have seen people out of the blue start using the term RATS as opposed to just TROJAN.

Whats the difference?

RAT is a buzz word that has sprung up.... Remote Access Trojan...

But a Trojan is loosly defined as Client Server software... of which the server is often installed in a sneaky/stealthy manner.

Given that.... Client Server definition... that implies that the server is going to be accessed by a client... remotely.

I recently read an article on RATS on the front page of MSN's website and it was titled something to the effect of "Move over Phishers, make way for RATS".
The article more or less made it seem that TROJANS are some new threat... and that they can keylog, capture banking passwords...etc.
HELL... Keylogging (among a ton of other features)has been included in trojans for YEEEARS! So why all the hype now? And why the new name? REMOTE ACCESS TROJAN... its like saying "Air Traversing PLANE"... we already know it flys through the air.

Is this just media causing a stir or am I missing something?

[Deeboe]

Hello,

To be honest, this is the first time I have even heard of the term RAT, so I looked into it. I found the following Abstract from Virus Bulletin: http://www.virusbtn.com/conference/v...nistration.xml

That link however is just to the abstract of that study of course. It might be a good start. I am curious too though and am interesting in hearing others opinions.

-Deeboe

[MrLinus]

RAT can also mean Remote Administration Tool and I think that has traditionally be used to differentiate between a trojan and a tool used by an admin for legit purposes, eventhough they do the same thing in essence.

As for the media, they revive old stores all the time in an attempt to cause FUD (fear, uncertainty, doubt) amongst their readership since it sells more.

[Egaladeist]

It's my understanding...that a Trojan is a program that masks what it's doing on your computer by pretending to be something else...it in effect operates automatically...

whereas a RAT is a trojan that gives a hacker/cracker/scriptkiddie ( use the term you want ) direct access to your computer as an administrator.

One is a program that is installed and the other is a door for access.

Eg

[Eyecre8]

MsMittens - I think you are correct in saying that it might also mean Remote Administration Tool.
But lets look at the original releases of Back Orifice. It was used by some for legit remote administration (via Command line interface - no gui) We all know Back Orifice is a popular Trojan.

Egaladeist - Your understanding as well is correct. There are actually several variations in the definition for Trojan, but the common theme being "A trojan is designed to operate with functions unknown to the victim often disquised as useful software...."

a section taken from wikipedia:

The kind of undesired functions are not part of the definition of a Trojan Horse; they can be of any kind, but typically they have malicious intent.

In practice, Trojan Horses in the wild often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer, unbeknownst to the owner, to be remotely controlled from the network

I will definitely agree with MsMittens regarding the Media ... and that reviving old fears or simply creating new ones sells more.

[MrLinus]

MsMittens - I think you are correct in saying that it might also mean Remote Administration Tool. But lets look at the original releases of Back Orifice. It was used by some for legit remote administration (via Command line interface - no gui) We all know Back Orifice is a popular Trojan.

And it was designed originally for legit purposes, as a direct challenge to what Microsoft had (I think it was SMS or something like that) and what they were charging in addition to server costs. Any tool released (e.g., nmap) can be used for both malicious and legit reasons -- it all boils down to intent.

[brokencrow]

There's some overlap in both definitions. A RAT can be both a remote access tool and a remote access trojan. Just had a case last week where I installed WinVNC in a client's computer only to have it picked up by AOL's antispyware as a RAT, replete with warnings and all. One of my favorite remote access tools is Remote Administrator, which I believe has been cracked so as to be incorporated in a few trojans. And not-so-oddly enough, Spybot picks up legitimately installed copies of Radmin (short for Remote Administrator) as a RAT.

Yeah, it gets confusing...this is a fast-moving environment that often defies definition....

[Juridian]

RATS is also the name of a code auditing tool.

[Nokia]

Ive never heard of a RAT meaning a Remote Access Trojan - if you think about it, it does not make sence, .....Remote - Access - Trojan.....how the hell else are you gonna access a trojan!


AFAIK a RAT has always been a Remote Admin Tool.



Where are you looking that calles it a RA[Trojan]

[brokencrow]

RAT, or RAT...same difference, eh?

http://www3.ca.com/Solutions/Collate...?CID=37734&ID=

And this one from M$...

http://www.microsoft.com/technet/sec.../virusrat.mspx

Obviously there's a lot of confusion around the terminology when apps like Spybot and AOL's antispyware detect legit tools like radmin and VNC as "trojans".