Question one part one
RAT is an acronym for remote access Trojan. RATs are small programs that allow remote access to and control of a client machine. They usually arrive bundled with legitimate pieces of software and are used to give an outsider remote access to the machine they have infected. These programs come in two pieces: a client program and a server program. The server program installs itself on the host computer (mostly in the background, to keep the user unaware of the installation) and soon takes effect. Upon joining any network, it broadcasts the IP address of the machine, allowing remote access. A well-known example in corporate networks is the Trojan horse (Christodorescu, 2003). This malware allows remote access to and control of a computer and mainly causes slow response on the affected computers (Roger, 2002). In one incident that I witnessed on my institution's LAN, all research computers were infected with a Trojan horse. This gave a user almost absolute control over a remote machine.
Part two
In order to get rid of such RATs, several forensic methods are employed. One of these methods is keeping an updated antivirus scanner and malware detector, which helps scrutinize every piece of hardware and software that attaches to the machine. One of the clearest signs that a computer has been infected with a RAT is an unexpected open IP port, especially if it matches a known Trojan port (Roger, 2002).
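A simple version of that port check, as an added example that is not part of the original essay: it parses constructed netstat-style output, flags listening ports outside an assumed baseline, and annotates any that match a small table of historical default RAT ports (NetBus, SubSeven, Back Orifice). The baseline, the sample output and the port table are assumptions made for this example.

```python
import re

# Historical default ports of a few well-known RATs (illustrative lookup table).
KNOWN_TROJAN_PORTS = {
    12345: "NetBus (default)",
    27374: "SubSeven (default)",
    31337: "Back Orifice (default)",
}

# Ports this host is expected to listen on; an assumed baseline for the example.
EXPECTED_LISTENERS = {22, 80, 443}

# Constructed sample in `netstat -an` style; not captured from a real host.
SAMPLE_NETSTAT = """\
Proto Local Address          Foreign Address        State
tcp   0.0.0.0:22             0.0.0.0:*              LISTEN
tcp   0.0.0.0:443            0.0.0.0:*              LISTEN
tcp   0.0.0.0:12345          0.0.0.0:*              LISTEN
tcp   192.168.1.10:50422     203.0.113.5:443        ESTABLISHED
tcp   0.0.0.0:8081           0.0.0.0:*              LISTEN
udp   0.0.0.0:31337          0.0.0.0:*
"""
LINE_RE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?$")

def parse_listeners(netstat_text):
    """Return (proto, port) for inbound sockets: TCP rows in LISTEN; UDP rows have no state column and count as bound."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header or malformed row
        proto, _local, port, _foreign, state = m.groups()
        if proto == "tcp" and state != "LISTEN":
            continue
        listeners.append((proto, int(port)))
    return listeners

def find_unexpected(netstat_text, expected=EXPECTED_LISTENERS):
    """Flag listeners outside the baseline, annotating known Trojan defaults."""
    findings = []
    for proto, port in parse_listeners(netstat_text):
        if port not in expected:
            findings.append({"proto": proto, "port": port,
                             "known_trojan": KNOWN_TROJAN_PORTS.get(port)})
    return findings

if __name__ == "__main__":
    for f in find_unexpected(SAMPLE_NETSTAT):
        print(f["proto"], f["port"], f["known_trojan"] or "not in baseline; check owning process")
```

A port outside the baseline that matches no known Trojan default (8081 above) still deserves a look at the owning process; a known match only raises the priority.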
Question two
The process of dealing with malware has become an obfuscation and de-obfuscation game, since malware authors write their code specifically to counter and challenge malware detectors. Malware detectors rely on a virus signature database, detecting malware by comparing the signature of a suspect file against the signatures the antivirus holds (Roger, 2002). Because of the massive production of malware and the use of obfuscation techniques, much of this malicious code passes undetected. Such malware hides on the machine by disguising itself as a clean program or by shielding itself completely inside a genuine program. In some cases it may even hide in the hardware of the machine. Examples of this malware include Trojan horses, worms, viruses and spyware (Yin, 2007).
In conclusion, computers are at risk of penetration, and the security of personal data is at risk, because of RATs and other pieces of malware. This has led to research on the best ways to safeguard personal data and information held on computers that are connected to a network. Currently the most widely employed techniques are the use of firewalls and antivirus programs (Yin, 2007).
References
Question two reference
Yin, H. (2007). Capturing system-wide information flow for malware detection and analysis. New York, NY: ACM. Retrieved from http://iseclab.org/papers/ccs07_panorama.pdf
Roger, A. (2002). Danger: Remote Access Trojans. Retrieved from http://technet.microsoft.com/en-us/library/dd632947.aspx
Question one reference
Roger, A. (2002). Danger: Remote Access Trojans. Retrieved from http://technet.microsoft.com/en-us/library/dd632947.aspx
Christodorescu, M. (2003). Static analysis of executables to detect malicious patterns. Berkeley, CA: USENIX Association. Retrieved from http://www.dtic.mil/cgbin/GetTRDoc?AD=ADA449067&Location=U2&doc=GetTRDoc.pdf