RunPE Detector is a security program that requires no installation, specifically designed to detect and eliminate certain suspicious processes. Phrozen Software has created a new way to detect and remove illegitimate remote access software (RAT).
A closer look at malware/viruses known as RATs:
(RAT stands for Remote Access Tool, but they are mainly used to build a botnet).
Under the guise of computer administration and remote access programs (such as VNC or Teamviewer), these programs are distributed and used as Trojans.
There are various RATs, one of the oldest is BlackShades, the most used is Darkomet or NanoCore.
RATs are sold but cracked versions can be found, tutorials (including videos on youtube) exist in abundance, therefore anyone, who has very little knowledge, can create their own Botnet (network of infected PCs).
RATs operate in Client/Server mode; you run a server and clients connect to it.
The goal is to get the client-side component to execute without the PC user's knowledge in order to take control of the machine, which is generally quite simple, via social engineering, since the targeted individuals are usually not very computer savvy.
Some common RATs (Remote Access Control):
NanoBot and MSIL:NANOCORE
MSIL/IMMIRATE
BACKDOOR:WIN32/XTRAT
TROJAN.CHICKIL
WORM:WIN32/AINSLOT.A
MSIL/OMANEAT
The most virulent ones that bypass antivirus software:
BiFrose
Backdoor.Prorat
Backdoor.Cybergate
DarkoMet
Backdoor: Win32/Fynloski
Configuration:
– Windows (x32/x64 Bits): XP, Vista, 7, 8, 8.1, 10
– Processor: Pentium 4 3GHz
– RAM: 1 GB
– Disk space: 20 MB
Facility :
Execute : Detector.exe
- Language : English
- Size : 5.9 MB
This article was updated on November 25, 2016
