New RATs emerge from leaked Njw0rm source code

From Botnets.fr


Botnet Njw0rm, kjw0rm, Sir DoOom
Date 2015 / 2015-01-22
Editor/Conference Trend Labs
Link http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ (Archive copy)
Author Michael Marcos
Type Blogpost

Abstract

In the middle of my research on the remote access Trojan (RAT) known as “njrat” or “Njw0rm”, I stumbled upon dev-point.com, a site that disguises itself as a site for “IT enthusiasts” but actually hosts various downloaders, different types of spyware, and RATs. I explored the site and found that they host malware under the “Protection Devices” section in their website. Under this section was a forum written in Arabic, which may suggest that an Arabic-speaking country is behind it.

Bibtex

 @misc{Marcos2015BFR389,
   editor = {Trend Labs},
   author = {Michael Marcos},
   title = {New RATs emerge from leaked Njw0rm source code},
   date = {22},
   month = Jan,
   year = {2015},
   howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/}},
 }