‘Malware sample in Wilson case named after place in AP’


Mumbai: There is an Andhra Pradesh connection to the alleged planting of evidence by the National Investigation Agency (NIA) in the laptop belonging to Elgar Parishad accused Rona Wilson.
When the laptop was first allegedly compromised in 2016, the hacker had named the first malware sample “Puttakota.exe.” It turns out that Puttakota is in Guntur district of Andhra Pradesh, and near it lie the ruins of the 13th-century hilltop Kondaveedu Fort. The place was also in the news in February 2016 after two persons were shot dead by AP anti-Naxal police in the Puttakota forest. Police had refuted claims by tribals that the deceased were “innocent hunters.”
Wilson has relied on a digital forensic report by US-based Arsenal Consulting to quash the criminal proceedings against him in the Bombay high court. The NIA has submitted a chargesheet against Wilson alleging Maoist links, a conspiracy to disrupt communal peace, waging war against the nation and several terror offences under the stringent Unlawful Activities (Prevention) Act (UAPA).
The private cyber forensic report from the US said “this particular sample first connected to its C2 (command and control) server on June 13, 2016 at 7.14 pm…and appears to have been customized on June 11, 2016.”
“Generally speaking and not commenting on this case, attackers usually name targeted malware based on what they perceive the target will find interesting enough to click upon. The name is the bait,” said Samir Datt, founder of Forensics Guru and president of Digital Investigators Association in India, on Thursday.
The report by Mark Spencer of Arsenal Consulting said the “attacker” had a “naming convention” for the malware. “The NetWire (malware) sample ‘Puttakota.exe’ was launched from a folder named ‘requisition1302,’” said the report.
“It appears that the attacker included customization dates within ‘Host Id’ values to better identify particular Netwire samples deployed to victims such as Wilson,” the report by the consulting firm said.
While NIA has stood by the evidence it has collected, senior Pune police officers associated with the investigation of the case before it was transferred to the NIA in February…
