Nor should files be downloaded from untrustworthy sources on the web, both of which allow organisations to remain vigilant and clear of any RATs (remote access trojans).
Ensure patch management is constantly up-to-date. Updates are deployed for good reasons, so it’s essential they are promptly downloaded for operating systems and browsers alike.
Any period in which updates are put off, whether because employees are unaware an update is available or because patches are viewed as irritating disruptions to workload, creates a window of opportunity for hackers. For those struggling to keep on top of patch management, it may be time to invest in a patch management tool.
Detecting the dirty RATs
If the worst comes to pass and prevention efforts are not working, it’s time to move into the location and removal phases. However, RATs can only be removed once they have been detected. It’s therefore vital to know and recognise the signs to look for, because they are there.
One of the less obvious signs is a slower network connection. As this is a symptom of many ailments, even experienced IT professionals can be forgiven for experiencing connection issues and not immediately accusing invisible RATs. However, chances are that a slower operating speed will prompt an autopsy, which is likely to end with the inspector coming across an unexpectedly open IP port. This is a clear giveaway that there could be a RAT lurking in the shadows. Also look out for altered or deleted files, and unknown programs installed on the device.
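One way to check for the unexpectedly open port described above is to compare a host's listening sockets against a known-good baseline. This is an added example, not part of the original article; it assumes a Linux host where `ss -H -tlnp` is available, and the baseline and sample output are constructed for illustration.

```python
import re

# Constructed sample of `ss -H -tlnp` output (Linux); not captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1033,fd=6))
LISTEN 0 5 0.0.0.0:50123 0.0.0.0:* users:(("updater",pid=2291,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""

# Hypothetical baseline: port -> process names expected to own it on this host.
BASELINE = {22: {"sshd"}, 443: {"nginx"}, 5432: {"postgres"}}

PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')


def parse_listeners(ss_output):
    """Yield (address, port, process, pid) for each LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        match = PROC_RE.search(line)
        # Without root, ss omits the owner of other users' sockets.
        process, pid = (match.group(1), int(match.group(2))) if match else (None, None)
        yield address, int(port), process, pid


def unexpected_listeners(ss_output, baseline):
    """Return findings for ports outside the baseline or owned by the wrong process."""
    findings = []
    for address, port, process, pid in parse_listeners(ss_output):
        if port not in baseline:
            findings.append((port, address, process, "port not in baseline"))
        elif process is None:
            findings.append((port, address, process, "owner unknown, rerun as root"))
        elif process not in baseline[port]:
            findings.append((port, address, process, "unexpected owning process"))
    return findings


if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE_SS_OUTPUT, BASELINE):
        print(finding)
```

A listener on a baseline port is still reported when its owning process differs from the expected one, which catches a program that binds a familiar port under an unfamiliar name.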
When suspicions are raised, it’s then time to install security software from a trusted and reliable source - here, exercise caution. Ideally, the computer would be disconnected from the internet to ensure the security probe can itself work undetected. After a full security scan, follow the recommended steps listed by the security software to remove the threat. Once the infection has been successfully removed, all details should be considered compromised. Passwords should be changed and accounts explored to scope out the damage.
Trojan removal tools
Ordinary antivirus scanners aren’t likely to detect encrypted RATs, as shown by their ability to live undetected in computers for years. Utilising reputable antivirus and anti-malware solutions does help ensure RATs are unable to function properly and assists in mitigating any data-collection activities. However, the best way to target and remove RATs is by investing in an intrusion detection tool.
Intrusion detection tools are efficient and able to automate much of the removal process. They can contain signatures that can detect trojan packets within network traffic, and if properly configured, can even reliably detect encrypted traffic. Security administrators continue to rely on trojan-specific scanners as they are the only pieces of software that can consistently stamp out a RAT.
However, the saving grace is that RATs take a lot of time to construct and are not so commonly used these days. Typically, those employed by hackers are acquired rather than built, meaning that trojan scanners or even more general antivirus software are able to pull them up. As they are a time-consuming method of attack, they are also generally saved for larger corporations, where they provide hackers with a decent ROI. However, since any computer is a target, there may be long-term profit lying ahead for a hacker.
This type of attack is very subtle and can be extremely intrusive.