Kjw0rm and Sir DoOom are Njw0rm's evolutionary step
The code for the Njw0rm RAT (remote access Trojan), leaked in May 2013 on a website hosting malicious software, is believed to have served as a starting point for cybercriminals to create new malware pieces.
Kjw0rm (v2.0 and v0.5x) and Sir DoOom share similarities with Njw0rm, also known as njrat, in terms of functionality, but the authors of the new threats added some features of their own.
Threats rely on a similar infection method
Although the two new pieces are coded in Visual Basic Script and the original was built with AutoIt, there are similarities that cannot be overlooked, such as the propagation method used.
Michael Marcos, threat response engineer at Trend Micro, says that all three threats infect the computer via removable devices and create shortcut icons for legitimate folders that point to the malware.