Bandook RAT Description
The Bandook RAT (Remote Access Trojan) has been present online for quite a few years. This Trojan first emerged in 2005 and is believed to have originated from Lebanon. Over the years, it has been known by many names, such as Bandok.bd, Backdoor.Bandook, Troj.Bandok-j and Backdoor.Win32. It was capable of infecting machines running Windows 7, Windows XP, Windows Vista, Windows 2000, and Server 2003, which means that at the time Bandook RAT was a threat to a very large number of Windows users.
The infection occurs when the attackers build a malicious server component, spread it to victims, and use it to infect their computers and take control of them. Once the Bandook RAT's server is deployed, it establishes a connection to the attackers' computer, which makes it possible for them to use the RAT's features. The malware nests itself in legitimate processes in an attempt to mislead anti-virus software and bypass basic security measures.
In the analyzed version of Bandook RAT, the Trojan's executable file is called 'ali.exe,' and it is dropped in the system folders. However, every cybercriminal who employs Bandook RAT can configure a different file name, folder, and process name for it, so these values are not reliable indicators on their own. The payload of Bandook RAT is fairly small, around 30kb. This Trojan has an extensive set of features: system and file management, screen capturing, keystroke logging, etc. Bandook RAT is also capable of spying on your conversations and collecting your login credentials via its keylogger feature. The collected data is then transferred to the attacker's servers. Furthermore, Bandook RAT is capable of executing remote code on the infiltrated computer and changing the ports it uses to communicate with the attacker's server, thereby avoiding potential blocks from firewall software.
Overall, despite being released back in 2005, Bandook RAT should not be written off as old news. Cybercriminals have greatly improved this Trojan over the years, and it is certainly not a threat to overlook. It is paramount that you have a reputable anti-malware tool installed so that you can keep threats like Bandook RAT at bay.