Posted: July 23, 2013

StealRat Description

StealRat is a backdoor Trojan that uses a botnet to conduct spam-based attacks through a multi-step setup that's designed to avoid being detected by traditional security protocols. Because of StealRat's simple but effective mechanism of offloading much of its attack process through compromised websites, you're unlikely to notice any obvious symptoms of a StealRat infection on your computer, despite its ability to exploit your PC's own resources for illegal attacks against arbitrary e-mail addresses. Already, tens of thousands of PCs are estimated to be infected by StealRat, which has seen a rise in its attack campaign as of this year. Anti-malware always should be relied upon for finding or deleting StealRat infections,

StealRat: a RAT with Plenty of Layers to Its Deception

Spam botnets are a very common sight in 2013, but StealRat has taken some extra steps to make itself unusually effective at its illegal tasks, despite lacking the kind of sophisticated code that would be expected of high-level threats like, for example, Sirefef or Trojan Zeus. Initially, StealRat seems to be a typical botnet Trojan, installing itself and launching in a hidden manner and then linking your computer to a remote server. This server delivers the relevant data for StealRat's spam attacks. However, instead of launching this attack from your computer, StealRat chooses to send the data to a hacked website, which processes the data and sends it to yet another hacked website. This second site adds an e-mail message template and finally makes the attack – with several degrees of separation between the StealRat-infected computer and the actual spamming activity.

Originally, malware experts expected that this spam would be used to deliver file attachments with StealRat. However, the criminals in charge of this campaign have even included a safe buffer between their spam and StealRat: the messages provide links to related compromised websites, rather than direct downloads of StealRat. All of these layers of obfuscation between the StealRat infection and the related attacks can allow StealRat to avoid being detected by many types of security programs, but malware experts note that a dedicated anti-malware product should still be capable of identifying an actual StealRat infection.

The Three Ways to Clamp Down on StealRat's Theft of Your PC's Memory

As a Trojan that opens your PC up to connection with a malicious server and uses your PC's resources without your consent for illegal activities, all StealRat infections should be treated as dangerous to your PC. Regardless of the many steps StealRat takes to keep victims from identifying its spam functions easily, updated anti-malware programs should be capable of deleting StealRat. However, StealRat's campaign is still in active development, and StealRat may not be detectable by anti-malware products that are limited by poorly-updated threat databases.

Besides having anti-malware products to wipe out StealRat after the infection occurs, malware researchers also recommend that you keep browser security features enabled to protect yourself from sites that have been hacked and forced to distribute StealRat. Drive-by-downloads that can install StealRat or other Trojans automatically remain a major infection vector throughout the Web and don't need to display symptoms to compromise your computer. Finally, taking care to delete spam and avoid suspicious links leading to StealRat-related sites is also, obviously, a commendable decision for keeping your PC safe.
