Tech Time Warp: Smelling a RAT in Graybird
This week’s Tech Time Warp is one of the most insidious forms of malware: the remote access Trojan, or RAT. While other viruses brick your machine or spam your email contacts, a RAT lurks in the background, quietly stealing passwords and credit card numbers with keystroke loggers and even controlling your webcam.
First identified and defined in early April 2003, Backdoor.Graybird—commonly called Graybird—was one such RAT. Graybird originated in China, where it was among the most common viruses and was even sold by a hacking studio known as “Gray Pigeon.” The hidden virus allowed a hacker to take remote screenshots, access local files and steal personal information from afar. Viruses such as Graybird are known as rootkits, which work to hide malicious programs and change standard operating system procedures. The hidden nature of a rootkit makes it all the more difficult for a user to know they are using an infected machine—unless they know to look for the specific Svch0st.exe file.
Graybird targeted the following Windows operating systems: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000 and Windows XP. It typically hitchhiked its way onto a computer via a legit-looking attachment, often delivered with a side of social engineering. It might even arrive looking like a legit remote administration tool. But well-intentioned Graybird was not. In addition to stealing personal information, Graybird turned your local machine into an FTP server for the hackers and even opened and closed CD-ROM drives.
On March 21, 2007, Gray Pigeon Studio announced it was ending development of Graybird due to rampant misuse. It’s unclear what “proper” use of Graybird would have constituted.