Hacker scene trojanizes remote administration tool


The manufacturer, World Wired Labs, promotes NetWire as advanced remote support software. The server runs on Windows, various Linux distributions, Mac OS X and Solaris; the client runs only on Windows PCs. The basic version costs $65 and the Pro version, which can be extended with add-ons, costs $105; the price of the Advanced version is available on request.

So far, so simple. But the "Undetected" line in the pricing table already indicates that there is more going on: the manufacturer promises that the Windows version of NetWire Advanced is not detected by any virus scanner. And with that we are already in a gray area.

World Wired Labs describes NetWire as a reliable tool for remote maintenance of a corporate infrastructure that knows no operating system boundaries. The connection between client and server is protected by AES encryption and is limited to a single TCP port. On the other hand, the manufacturer advertises NetWire for "special remote access requirements" - from monitoring to next-generation control.


In a hacker forum, the program is presented very differently. There it is pointed out that NetWire gets through any firewall and any router via reverse proxy, that it reads out the passwords of any browser, and that the keylogger runs without administrator rights. Extensions for spying on TrueCrypt passwords and logging instant messaging conversations are in the works. Seen from this angle, the remote administration tool quickly mutates into a Trojan toolkit.

The manufacturer is not happy that the product is drifting into the dark corners of the Internet. Every time a remote maintenance host is created, NetWire first displays a disclaimer. With a click, the user must confirm that they will not use NetWire for unauthorized access to other computers or for other illegal activities.

World Wired Labs promptly threw the hacker who had touted NetWire in forums as a multi-platform Trojan out of its affiliate program. That does not stop others from offering, particularly in non-public hacker forums, "crypters" that are meant to hide NetWire-compiled files from antivirus programs.

So it is hardly surprising that the remote maintenance program has now come into the crosshairs of the antivirus vendors. Dr. Web classifies NetWire as a password thief and lists it as "BackDoor.Wirenet.1". Other vendors call the software "TrojanSpy", "NetWired" and "NetWeird" (sic). According to VirusTotal, the Windows version of the standard edition of NetWire is currently detected by 16 scanners, the Linux version by 6, the Solaris version by 4 and the Mac version by 9 scan engines. Bizarrely, the Windows client is detected more frequently than the hosts: here 26 of 42 scanners raise the alarm. The modular system is thus regarded as just as malicious as the files compiled with it.
