×

UPSC Courses

DNA banner

DAILY NEWS ANALYSIS

  • 27 February, 2021

  • 8 Min Read

NetWire- Infiltrated Remote Access Trojan

NetWire- Infiltrated Remote Access Trojan

Introduction

  • Activist Rona Wilson, who has been imprisoned since June 2018 in connection with the Bhima Koregaon violence case, filed a petition in the Bombay High Court seeking a stay on proceedings against him and others who are co-accused.
  • His petition referred to a report brought out by Arsenal Consulting, a digital forensics consulting company. The report states that for 22 months, Mr. Wilson’s computer was controlled by an attacker whose goal was to deliver incriminating documents onto his computer, which formed the basis of the case against him.

What was Arsenal Consulting’s analysis based on?

  • Arsenal Consulting says its analysis was based largely on a forensic image obtained from the hard drive within Mr. Wilson’s computer.
    • A forensic image is often described as a bit-by-bit copy of any electronic device that can store memory.
    • Such an image will include even deleted data or data that were inaccessible to the user.
    • It is considered an important part of digital evidence-gathering during investigations.

How was the computer infiltrated?

  • What is being conveyed by the report is that Mr. Wilson’s computer got infiltrated by a malware that enabled his system to be remote-controlled.
  • Over the course of 22 months, it says, the attacker not only created a hidden folder in his system, but also created incriminating documents inside that folder.
  • These, it says, were never opened but ended up being used in the case against him and others.
  • The report says his computer got compromised on June 13, 2016 after a series of “suspicious mails” from “someone using Varavara Rao’s email account”.
  • Mr. Rao is a co-accused in the case. This person is said to have made repeated attempts to get Mr. Wilson to open a document, which he finally did.
  • This was a bait, and it triggered the installation of the NetWire remote access trojan on his computer.
  • The bait was delivered via an RAR file, which usually contains one or many files in a compressed format.
  • The report says while “Mr. Wilson thought he was opening a link to Dropbox” in the email sent to him, he was actually opening a link to “a malicious command and control server”.

What is NetWire?

  • NetWire, which first surfaced in 2012, is a well-known malware.
  • It is also one of the most active ones around.
  • It is a remote access trojan, or RAT, which gives control of the infected system to an attacker.
  • Such malware can log keystrokes and compromise passwords.
  • Malware, according to cybersecurity experts, essentially do two things.
    • One is data exfiltration, which means stealing data. Most anti-virus software are equipped to prevent this.
    • The other involves infiltrating a system, and this has proven to be far more challenging for anti-virus software.
  • NetWire is described as an off-the-shelf malware, while something like Pegasus, which used a bug in WhatsApp to infiltrate users’ phones in 2019, is custom-made and sold to nations.

What is a command and control server?

  • The commands emerging from this server is what the infected system will carry out.

How did Arsenal Consulting figure out that the incriminating documents were never opened on Mr. Wilson’s computer?

  • Arsenal Consulting says it reviewed the NTFS file system, which can be found on any Windows system.
  • This is a system of storing and organising files. It keeps a log of the files — whether they are created, modified, or deleted.
  • Object identifiers are assigned to files when they are either created or first opened. Arsenal Consulting says none of the “top ten documents” have any such identifiers.

Source: TH


Pradhan Mantri Suryodaya Yojana

Recently, Prime Minister announced Pradhan Mantri Suryodaya Yojana under which 1 crore households will get rooftop solar power systems. India’s Status of Current Solar Capacity India currently stands at 4th place globally in solar power capacity. As per Ministry of New an

Foreign Contribution Regulation Act (FCRA)- NGO 

The Foreign Contribution Regulation Act, 2010 (FCRA) registration of two prominent non-governmental organisations (NGOs) — Centre for Policy Research (CPR) and World Vision India (WVI) have been cancelled this month. What is FCRA? Key provisions of FCRA, 2010 Key aspects Description

Voice clone-AI

Voice clone fraud has been on the rise in India. AI voice cloning – It is the process of creating a synthetic replica of a person’s voice through machine learning and speech synthesis technology.It is called as voice deepfakesor audio deepfakes. Objective – To achieve a high level of na

Science communication- how to promote

Steps taken by India to promote Science Communication Publications and Information Directorate (PID) - An organisation under Council of Science and Industrial Research (CSIR) established in 1951 for publishing and disseminating scientific information in India. National science magazines- The PI

Universal Basic Income (UBI)- Analysis

Universal Basic Income (UBI) can strengthen welfare architecture and unlock the nation’s latent demographic potential. UBI - It is an income support mechanism typically intended to reach all or a very large portion of the population regardless of their earnings or employment status. Objective- To provide enough to co

Toppers

Search By Date

Newsletter Subscription
SMS Alerts

Important Links

UPSC GS Mains Crash Course - RAW Prelims Answer Key 2024