On January 22, 2015, a threat response engineer for the American security software company Trend Micro posted a blog concerning the new remote access Trojan (RAT) malware Njw0rm/Kjw0rm. In it, the engineer wrote that he had discovered the code for the malware on the website dev-point.com, which is disguised as an IT enthusiast website but instead features various types of spyware and malware. The code came from a forum on the site that was entirely in Arabic, leading the engineer to suspect that “an Arabic-speaking country is behind it.”
The whois info for dev-points.com features text in Arabic stating that the site deals with technical matters and development and has a forum to discuss software issues.
Source: Blog.trendmicro.com, January 22, 2015; who.is, January 23, 2015.