NjRAT & H-Worm variant infections continue to rise

From Botnets.fr
Jump to: navigation, search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

NjRAT & H-Worm variant infections continue to rise
Botnet NjRAT, H-Worm
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol TCP, HTTP
Date 2015 / 2015-03-20
Editor/Conference Zscaler
Link http://research.zscaler.com/2015/03/njrat-h-worm-variant-infections.html (Archive copy)
Author
Type Blogpost

Abstract

njRAT Trojan also known as Bladabindi, is a Remote Access Tool (RAT) that was first seen in 2013 and has been extremely prevalent in the Middle Eastern region. njRAT was developed using Microsoft's .NET framework and like many other RATs, provides complete control of the infected system and delivers an array of features to the remote attacker. We have seen attackers leveraging popular gaming & software application cracks & keygens as the lure to infect end users.

There have been many variants of njRAT. H-Worm, also known as Houdini, is one of the most popular variants and was reportedly used in attacks against the international energy sector. In this blog we will provide a brief overview of njRAT and H-Worm as well as an analysis of the H-Worm activity we've seen over the past few months.

Bibtex

 @misc{empty</strong>2015BFR1539,
   editor = {Zscaler},
   author = {},
   title = {NjRAT & H-Worm variant infections continue to rise},
   date = {20},
   month = Mar,
   year = {2015},
   howpublished = {\url{http://research.zscaler.com/2015/03/njrat-h-worm-variant-infections.html}},
 }