×

UPSC Courses

DNA banner

DAILY NEWS ANALYSIS

  • 27 February, 2021

  • 8 Min Read

NetWire- Infiltrated Remote Access Trojan

NetWire- Infiltrated Remote Access Trojan

Introduction

  • Activist Rona Wilson, who has been imprisoned since June 2018 in connection with the Bhima Koregaon violence case, filed a petition in the Bombay High Court seeking a stay on proceedings against him and others who are co-accused.
  • His petition referred to a report brought out by Arsenal Consulting, a digital forensics consulting company. The report states that for 22 months, Mr. Wilson’s computer was controlled by an attacker whose goal was to deliver incriminating documents onto his computer, which formed the basis of the case against him.

What was Arsenal Consulting’s analysis based on?

  • Arsenal Consulting says its analysis was based largely on a forensic image obtained from the hard drive within Mr. Wilson’s computer.
    • A forensic image is often described as a bit-by-bit copy of any electronic device that can store memory.
    • Such an image will include even deleted data or data that were inaccessible to the user.
    • It is considered an important part of digital evidence-gathering during investigations.

How was the computer infiltrated?

  • What is being conveyed by the report is that Mr. Wilson’s computer got infiltrated by a malware that enabled his system to be remote-controlled.
  • Over the course of 22 months, it says, the attacker not only created a hidden folder in his system, but also created incriminating documents inside that folder.
  • These, it says, were never opened but ended up being used in the case against him and others.
  • The report says his computer got compromised on June 13, 2016 after a series of “suspicious mails” from “someone using Varavara Rao’s email account”.
  • Mr. Rao is a co-accused in the case. This person is said to have made repeated attempts to get Mr. Wilson to open a document, which he finally did.
  • This was a bait, and it triggered the installation of the NetWire remote access trojan on his computer.
  • The bait was delivered via an RAR file, which usually contains one or many files in a compressed format.
  • The report says while “Mr. Wilson thought he was opening a link to Dropbox” in the email sent to him, he was actually opening a link to “a malicious command and control server”.

What is NetWire?

  • NetWire, which first surfaced in 2012, is a well-known malware.
  • It is also one of the most active ones around.
  • It is a remote access trojan, or RAT, which gives control of the infected system to an attacker.
  • Such malware can log keystrokes and compromise passwords.
  • Malware, according to cybersecurity experts, essentially do two things.
    • One is data exfiltration, which means stealing data. Most anti-virus software are equipped to prevent this.
    • The other involves infiltrating a system, and this has proven to be far more challenging for anti-virus software.
  • NetWire is described as an off-the-shelf malware, while something like Pegasus, which used a bug in WhatsApp to infiltrate users’ phones in 2019, is custom-made and sold to nations.

What is a command and control server?

  • The commands emerging from this server is what the infected system will carry out.

How did Arsenal Consulting figure out that the incriminating documents were never opened on Mr. Wilson’s computer?

  • Arsenal Consulting says it reviewed the NTFS file system, which can be found on any Windows system.
  • This is a system of storing and organising files. It keeps a log of the files — whether they are created, modified, or deleted.
  • Object identifiers are assigned to files when they are either created or first opened. Arsenal Consulting says none of the “top ten documents” have any such identifiers.

Source: TH


World bank logistic performance index 2023

World bank logistic performance index 2023 India is now ranked 38th out of 139 nations in the Logistic Performance Index (LPI) 2023 of the World Bank. From its previous rankings of 44th in 2018 and 54th in 2014, this is a notable improvement. Earlier, the Logistics Ease Across Different States (LEADS) Report 2022 was published by the Mini

Smuggling of Gold

Smuggling of Gold Airports discovered more than 63% of this illegal gold. The Department of Revenue Intelligence recently conducted the Golden Dawn Operation across India, seizing 101.7 kg of illegal gold valued at Rs 51 crore. Despite the fact that India receives a legal import of about 800-1,000 tonnes of gold each year, the illicit mar

India-Thailand Relations

India-Thailand Relations Both parties expressed satisfaction with the ongoing bilateral defence cooperation at the 8th India-Thailand Defence Dialogue, which was held in Bangkok, Thailand. Cultural ties and mutual cooperation that have been shaped by thousands of years of lasting historical and cultural ties characterise India and Thailand

Translocation of Elephants

Translocation of Elephants The Kerala government's appeal of the order of the Kerala High Court is rejected by the Supreme Court. The Kerala government's appeal against the Kerala High Court's directive to move Arikomban (Wild Elephant), the "rice tusker" of Munnar, to the Parambikulam tiger reserve was recently dismis

Global Buddhist Summit

Global Buddhist Summit In order to improve diplomatic and cultural ties with other nations, the Ministry of Culture recently organised the First Global Buddhist Summit 2023 in collaboration with the International Buddhist Confederation (IBC). About the summit "Responses to Contemporary Challenges: Philosophy to Praxis" is

Toppers

Search By Date

Post Feed

Newsletter Subscription
SMS Alerts