A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #18908  by EP_X0FF
 Fri Apr 12, 2013 8:56 am
Last edited by EP_X0FF on Fri Apr 12, 2013 11:49 am, edited 1 time in total. Reason: fix
 #18912  by EP_X0FF
 Fri Apr 12, 2013 11:45 am
Yes, I always mislabel this garbage. If you have any of the listed RATs not posted here, please attach them (better each in a separate topic), so we can build a comprehensive list with samples, not only names.
 #18914  by rkhunter
 Fri Apr 12, 2013 12:15 pm
Interesting question: could we call backdoors RATs? For example, the well-known ZeroAccess. What are the main characteristics and differences between RATs and backdoors? I guess some features, because a RAT contains a lot of features like a keylogger, a special user interface...
 #18917  by EP_X0FF
 Fri Apr 12, 2013 12:52 pm
ZeroAccess cannot be considered a RAT, as none of its features or plugins provide remote administration support. From the beginning, a RAT is not malware (e.g. Radmin/RealVNC), but a component that can be used by malware, while a backdoor is malware with minimum remote administration functionality implemented as an optional feature.

Some trojans with backdoor functionality position themselves as RATs, for example Blackshades. At the same time they offer a crypter for their "product" ("prevent others (no matter who) from analyzing your executables (EXE) files") and a multiscanner - "scanning engine to determine which anti-viruses detect a file". Making themselves look as legitimate as possible.
 #18918  by rkhunter
 Fri Apr 12, 2013 1:30 pm
For me, ZeroAccess can't be called a RAT, because it allows remote access for attackers as a secondary purpose. But backdoors are equal to RATs because both allow remote access to a compromised machine. And of course ZAccess is malware.
 #18919  by k0ng0
 Fri Apr 12, 2013 2:34 pm
Cool List.
Me Wonders how yall keep up with this.
I do this on the side. Not full-time