Attacked by a RAT

By volemus
Jul 24, 2007
Topic Status:
Not open for further replies.
  1. Hi, we regularly use VNC Server here as a way for my husband to manipulate, and/or access info on my pc. We are wireless (I'm the host), and I always assumed he accessed me by wireless this way. So far, no war drivers have been able to hack into it.
    Last night I was perusing the audio/video forum here on TechSpot (nothing else open) and my husband was sitting at his desk right behind me tapping away. Suddenly I see VNC requesting access to my pc. No biggie I thought, he wants to check something. So I hit 'accept' so the request wouldn't time-out (he gets annoyed when I let that happen :) I then turned around to see what he was doing. I asked him what he was looking for. He said he was just doing some coding; so I asked why he "RAT-ted" me. I turned to look at my screen to see someone open up taskmgr, select something (I forget what), then run something suspicious-looking. I then realized that because of router problems, I had already bypassed it earlier...so someone else was hacking my machine. And they were typing almost too fast for me to keep up with. Needless to say, I killed the connection right away. If I hadn't panicked I might've thought to do a screen capture.
    After doing a start>run, this came up as the last entry:
    %systemroot%\system32\cmd.exe
    Wow, I wonder what they might've done?
    Can someone please briefly explain how these RATs work, and is there any way to keep this from happening again (besides verifying who's requesting the access, obviously) Is there anything else I should do?
    I ran AV & malware scans which turned up only cookies. I left them alone. Would they have even had anything to do with what happened?
  2. kitty500cat

    kitty500cat Newcomer, in training Posts: 2,407   +6

    Although intrigued by this aspect of computer security, I'm rather new to it; so I'm not quite sure what to tell you. I recommend sending a private message to our member jobeard. He's very experienced in such matters and should be able to provide you with some assistance.

    Regards :)
  3. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    Also be sure you read up on normal security procedures for WPA security. It installs easily and is extremely difficult for the evil guys to cause problems once it is on. WEP, is no longer considered safe.
  4. volemus

    volemus Newcomer, in training Topic Starter

    Yes, we (well, my husband actually) did immediately change to WPA, since we've been meaning to do so for weeks now anyway. We hope that this protocol will truly make it harder for attackers. And we were also looking at 'WPA2 Personal,' because the algorithm gives a choice of AES or TKIP+AES. Does anyone know if the combination is any more secure?

    Where would we read about these "normal security procedures" you speak of -are you implying just doing one's basic 'google' search; or are you referring to the install process itself?

    Also, is (Real VNC) that big of a security hole that if I wasn't prompted to accept, would the intruder have been able to connect immediately? I know there are settings in there and all, but. I mean, if we did not even have 'VNC' would there have been other ways for that person to connect..?

    BTW I confess we are using the Windows firewall--not that we don't have others available to us (via our AV softwares), but since we've had repeated probs with those (browser crashes most specifically) we've had to ditch theirs in favor of Windows' f/w.
  5. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    I would recommend that you ditch Windows firewall and get these instead:(please use one and only one!) Using more than one is not recommended as it will hog your system resources and potentially cause conflicts.
    Zonealarm
    Kerio
    Comodo

    I think Raybay meant "the usual methods for installing" WPA security. As he said, it is quite simple, you can't really go wrong. The procedure may vary slightly for different routers; you can choose to google or simply ask here and we'll be glad to help you out on that.

    I personally use TKIP (since that extra layer of security is there you might as well use it) and havent experienced much problems with external threats so far. The choice is entirely yours however, google to see varied opinions and justifications for each.


    Regards,
    Your friendly momok =)

    This thread is for the use of volemus only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.