MENU

The following information was obtained from the different cyber security sources and provided as a notification to all parties concerned pursuant to the mandate of the Philippine National Police  Anti-Cybercrime Group (PNP ACG).

The information provided is classified as Restricted pursuant to the PNP Regulation 200-012 on document securitywith impact rating of significant and threat rating of high,based on PNP Information Communication p. 22 and p.129.


SUMMARY

Ghost RAT is a Trojan horse for the Windows platform that the operators of GhostNet used to hack into some of the most sensitive computer networks on Earth.  It is a cyber spying computer program.  The “Rat” part of the name refers to the software’s ability to operate as a “Remote Administration Tool”.


A GhostRat is a type of harmless malware which is usually unwanted on a system.  This usually monitors the behavior of the user to unleash targeted pop-up advertisements that degrades the computer performance.


GhostRat enters into a vulnerable machine via user download.  When a browser is opened, GhostRat begins running in the background and disguise as a program designed to improve user’s experience and functionality.  It only engaged in capturing information or attempting to advertise unwanted products and service.

RECOMMENDATION

The community are advised to follow the best practices in securing and protecting devices on a ghostrat malware for personal use or for work:

•    Disable System Restore (Windows Me/XP);
•    Update the virus definitions;
•    Find and stop unwanted running services;
•    Regularly run full system scan; and
•    Delete any values added to the registry.

For additional information, please refer to the following security websites:

•    https://en.wikipedia.org/wiki/Gh0st_RAT
•    https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ghostrat
•    https://www.symantec.com/security_response/writeup.jsp?docid=2009-033015-5616-99&tabid=3

POINT OF CONTACT

Please contact CSRAD, PNP ACG for any inquiries related to this CYBER SECURITY BULLETIN at http://mail.pnp.gov.ph/ and This email address is being protected from spambots. You need JavaScript enabled to view it. or call 7230401 local 5337.