NjRAT & H-Worm variant infections continue to rise

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

NjRAT & H-Worm variant infections continue to rise
Botnet NjRAT, H-Worm
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
CCProtocol TCP, HTTP
Date 2015 / 2015-03-20
Editor/Conference Zscaler
Link http://research.zscaler.com/2015/03/njrat-h-worm-variant-infections.html (Archive copy)
Type Blogpost


njRAT Trojan also known as Bladabindi, is a Remote Access Tool (RAT) that was first seen in 2013 and has been extremely prevalent in the Middle Eastern region. njRAT was developed using Microsoft's .NET framework and like many other RATs, provides complete control of the infected system and delivers an array of features to the remote attacker. We have seen attackers leveraging popular gaming & software application cracks & keygens as the lure to infect end users.

There have been many variants of njRAT. H-Worm, also known as Houdini, is one of the most popular variants and was reportedly used in attacks against the international energy sector. In this blog we will provide a brief overview of njRAT and H-Worm as well as an analysis of the H-Worm activity we've seen over the past few months.


   editor = {Zscaler},
   author = {},
   title = {NjRAT & H-Worm variant infections continue to rise},
   date = {20},
   month = Mar,
   year = {2015},
   howpublished = {\url{http://research.zscaler.com/2015/03/njrat-h-worm-variant-infections.html}},