How it’s done
RAT tools aren’t new; the hacker group Cult of the Dead Cow famously released an early one called BackOrifice at the Defcon hacker convention in 1998. The lead author, who went by the alias Sir Dystic, called BackOrifice a tool designed for “remote tech support aid and employee monitoring and administering [of a Windows network].” But the Cult of the Dead Cow press release made clear that BackOrifice was meant to expose “Microsoft’s Swiss cheese approach to security.” Compared to today’s tools, BackOrifice was primitive. It could handle the basics, though: logging keystrokes, restarting the target machine, transferring files between computers, and snapping screenshots of the target computer.
Today, a cottage industry exists to build sophisticated RAT tools with names like DarkComet and BlackShades and to install and administer them on dozens or even hundreds of remote computers. When anti-malware vendors began to detect and clean these programs from infected computers, the RAT community built “crypters” to disguise the target code further. Today, serious ratters seek software that is currently “FUD”—fully undetectable.
Building an army of slaves isn’t particularly complicated; ratters simply need to trick their targets into running a file. This is commonly done by seeding file-sharing networks with infected files and naming them after popular songs or movies, or through even more creative methods. “I seem to get a lot of female slaves by spreading Sims 3 with a [RAT] server on torrent sites,” wrote one poster. Another turned to social media, where “I’ve been able to message random hot girls on facebook (0 mutual friends) and infect (usually become friends with them too); with the right words anything is possible.”
For those who can’t even manage this on their own, RAT experts hawk their slave-infecting expertise in e-books such as Rusty_v’s Spreading Guide v 7.0, a 22-page tome that goes for $14.95 (and which claims to be the best-selling book on Hack Forums). “Ever faced a situation where you have FUD server but cannot get victims?” goes the sales pitch. “Or maybe you’re getting a lot less installs compared to the amount of work you are putting in?” Followers of Rusty_v’s methods are told they can pick up 500-3,000 slaves per day. The book is “noob friendly” and features “many screenshots.”
And if even this handholding isn’t enough, more successful ratters sometimes rent out slaves they have already infected. In other cases, they simply hand them off to others in a “Free Girl Slave Giveaway.”
Calling most of these guys “hackers” does a real disservice to hackers everywhere; only minimal technical skill is now required to deploy a RAT and acquire slaves. Once infected, all the common RAT software provides a control panel view in which one can see all current slaves, their locations, and the status of their machines. With a few clicks, the operator can start watching the screen or webcam of any slave currently online.