
StealRat

Posted: July 23, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 95
First Seen: July 23, 2013
OS(es) Affected: Windows

StealRat is a backdoor Trojan that uses a botnet to conduct spam-based attacks through a multi-step setup designed to avoid detection by traditional security protocols. Because StealRat offloads much of its attack process onto compromised websites, a simple but effective mechanism, you're unlikely to notice any obvious symptoms of a StealRat infection on your computer, even though it can exploit your PC's own resources for illegal attacks against arbitrary e-mail addresses. Already, tens of thousands of PCs are estimated to be infected by StealRat, which has seen a rise in its attack campaign as of this year. Anti-malware software should always be relied upon for finding or deleting StealRat infections,

StealRat: a RAT with Plenty of Layers to Its Deception

Spam botnets are a very common sight in 2013, but StealRat has taken some extra steps to make itself unusually effective at its illegal tasks, despite lacking the kind of sophisticated code that would be expected of high-level threats like, for example, Sirefef or Trojan Zeus. Initially, StealRat seems to be a typical botnet Trojan: it installs itself, launches in a hidden manner and then links your computer to a remote server. This server delivers the relevant data for StealRat's spam attacks. However, instead of launching the attack from your computer, StealRat sends the data to a hacked website, which processes the data and sends it to yet another hacked website. This second site adds an e-mail message template and finally carries out the attack, with several degrees of separation between the StealRat-infected computer and the actual spamming activity.

Originally, SpywareRemove.com malware experts expected that this spam would be used to deliver file attachments with StealRat. However, the criminals in charge of this campaign have even included a safe buffer between their spam and StealRat: the messages provide links to related compromised websites, rather than direct downloads of StealRat. All of these layers of obfuscation between the StealRat infection and the related attacks can allow StealRat to avoid being detected by many types of security programs, but SpywareRemove.com malware experts note that a dedicated anti-malware product should still be able to identify an actual StealRat infection.

The Three Ways to Clamp Down on StealRat's Theft of Your PC's Memory

Because StealRat is a Trojan that connects your PC to a malicious server and uses your PC's resources for illegal activities without your consent, all StealRat infections should be treated as dangerous to your PC. Regardless of the many steps StealRat takes to keep victims from easily identifying its spam functions, updated anti-malware programs should be capable of deleting StealRat. However, StealRat's campaign is still in active development, and StealRat may not be detectable by anti-malware products that are limited by poorly updated threat databases.

Besides having anti-malware products to wipe out StealRat after the infection occurs, SpywareRemove.com malware researchers also recommend that you keep browser security features enabled to protect yourself from sites that have been hacked and forced to distribute StealRat. Drive-by-downloads that can automatically install StealRat or other Trojans remain a major infection vector throughout the Web and don't need to display symptoms to compromise your computer. Finally, taking care to delete spam and to avoid suspicious links leading to StealRat-related sites is also a sound way of keeping your PC safe.

2 Comments

  • Dennis Clarke says:

    Hi, I got a StealRat on my website (hacked website). Can I hire someone or buy software that removes it from servers/websites instead of just PCs? Kind regards, Dennis

  • Nova says:

    Yes, you may use SpyHunter to detect and remove StealRat.
