While I was gone yesterday, I spotted an article by Brian Krebs that asks who was behind NetWire. The article is “Who’s Behind the NetWire Remote Access Trojan?” and it is worth the read.
As an investigative reporter, I found the article interesting and wondered if we should do this as a topic.
The first paragraph of this informative article says:
A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.
This RAT is installed through Microsoft Office documents which are known to be “booby-trapped.”
The first paragraph of the linked Wikipedia article states:
A booby trap is a device or setup that is intended to kill, harm or surprise a human or another animal. It is triggered by the presence or actions of the victim and sometimes has some form of bait designed to lure the victim towards it. The trap may be set to act upon trespassers that enter restricted areas, and it can be triggered when the victim performs an action (e.g., opening a door, picking something up, or switching something on). It can also be triggered by vehicles driving along a road, as in the case of improvised explosive devices (IEDs).
Unfortunately, we need to skip some sections, as this is a good definition for most users. I did spot a section on computer uses of this term.
There is only one paragraph in this section and it says the following:
Many computer viruses take the form of booby traps in that they are triggered when an unsuspecting user performs an apparently ordinary action such as opening an email attachment.[36]
That number in brackets is a footnote which you can find within the article itself for more info.
NetWire has been part of the top 10 RATs in use, according to the article.
It can also claim to be an actual remote application that does the things remote applications do.
Krebs’s piece is also mentioned in an article he mentions on Mastodon today, titled “How the FBI proved a remote admin tool was actually malware.”
This was quite interesting, as some of the article is the same as Krebs’s, yet it has more information on how they were able to find the information that they found.
I hope that this finds you well, that you decide to learn, and that you make sure you keep yourself as safe as possible. Thanks for reading!