Wikipedia:Articles for deletion/NjRAT

:The following discussion is an archived debate of the proposed deletion of the article below. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review). No further edits should be made to this page.

The result was keep. Liz Read! Talk! 23:42, 14 December 2024 (UTC)

=[[:NjRAT]]=


Probably doesn't meet WP:GNG. Devchar (talk) 13:54, 7 December 2024 (UTC)

:Keep: The sourcing here is so strong that I'm dubious whether a proper WP:BEFORE was conducted. Existing sources are sufficient.

:[https://www.vice.com/en/article/hackers-islamic-state-malware/ This] Vice News article interviews a threat researcher who describes the virus:

:<blockquote>Willis McDonald, threat researcher at Core Security, told Motherboard in an email that the file was a dropper—a piece of software that installs malware—for Bladabindi, otherwise known as NJRat. According to a Microsoft post on Bladabindi, the malware can siphon sensitive information, and open up the machine to more attacks. This remote-access-tool (RAT) has the capability to steal credentials, take screenshots, take pictures or video through the webcam, log keystrokes and transfer files. This tool has been around since at least 2013 and is very common due to a leaked builder and server freely available on low-level criminal forums that allows the attacker to create their own customized RAT.</blockquote>

:The Vice News article also cites [https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=MSIL/Bladabindi this Microsoft report] that describes the icons that NjRAT uses, ways that the malware tampers with its host, and what malicious behaviors it exhibits, including the capture of screenshots and keystrokes. The details of the malware that Microsoft provides are very detailed; you should take a look at the "Technical Information" section. It's several paragraphs long and contains screenshots, so I've summarized the text here rather than quote it verbatim.

:Also, the [https://krebsonsecurity.com/2014/07/microsoft-darkens-4mm-sites-in-malware-fight/#more-26708 Krebs On Security article] also describes how Microsoft seized domain names used to spread the malware:

:<blockquote>In this case, however, the attackers responsible for leveraging two malware families — remote-access Trojans known as “njrat” and “njw0rm” — were using no-ip.com’s services to guarantee that PCs they infected would always be able to reach the Internet servers. Microsoft told the court that miscreants who were using these two malware strains were leveraging more than 18,400 hostnames that belonged to no-ip.com. On June 26, the court granted Microsoft the authority to temporarily seize control over 23 domains owned by no-ip.com — essentially all of the domains that power no-ip.com’s free dynamic DNS services.</blockquote>

:Because the subject meets WP:GNG, the article should be kept. HyperAccelerated (talk) 02:56, 9 December 2024 (UTC)

*Keep. Additional sources are found in a cursory WP:BEFORE search, and Vice and KrebsOnSecurity already contribute to a GNG pass. Dclemens1971 (talk) 21:27, 14 December 2024 (UTC)


:The above discussion is preserved as an archive of the debate. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review). No further edits should be made to this page.