A HIGHLY SOPHISTICATED BOTNET is on the hunt for PCs to enslave and use as malware-spreading machines.
The botnet-recruiting malware has been dubbed Mylobot by Deep Instinct security researcher Tom Nipravsky, who discovered the malicious code after it was detected and blocked before it could do any damage in the live IT environment of one of the company's clients.
Not only can the malware add an infected machine into a botnet suitable for spreading more malware, launching DDoS attacks, and powering ransomware campaigns, it’s also pretty good at evading detection.
Anti-sandboxing and anti-debugging techniques are used to keep the malware out of sight, while reflective EXE loading lets it run executables directly from memory rather than writing them to disk, which denies file-based scanners anything to inspect. The malware can also lie dormant for 14 days before it needs to contact a command and control server, long enough to outlast sandboxes that only observe a sample for minutes, making it more challenging to detect.
Mylobot has one particularly interesting trait in that it hunts down and terminates instances of other malware and deletes the folders associated with other botnets, such as DorkBot.
“We estimate this rare and unique behaviour is because of money purposes within the Dark web. Attackers compete against each other to have as many ‘zombie computers’ as possible in order to increase their value when proposing services to other attackers, especially when it comes to spreading infrastructures,” explained Nipravsky.
“The more computers – the more money an attacker can make. This is something we’re seeing here as well.”
The sophistication of the malware and the botnet it creates is likely due to it being designed to generate money for hackers and people who lurk on the Dark Web.
Mylobot is also a dab hand at shutting down Windows Defender and Windows Update, and it adds rules to the infected machine's firewall to block additional ports. It also deletes the %APPDATA% folder, which can cause data loss for the affected user.
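The host-tampering behaviour described above (Defender switched off, Windows Update stopped, extra firewall block rules, a wiped %APPDATA% folder) is something a responder can check for directly. The following PowerShell triage script is an added example written for this page; it is not code from the article or from Deep Instinct, and it is not a Mylobot signature, only a check for the side effects the article lists. It assumes an elevated session on Windows 10 / Server 2016 or later, where the Defender and NetSecurity modules ship with the OS. Because Windows firewall rules carry no creation timestamp, the script lists every enabled inbound block rule that names specific local ports so the output can be compared against a known-good baseline for the host.

```powershell
# Added triage example (not from the original article or from Deep Instinct).
# Collects indicators of the host tampering the article attributes to Mylobot.
# Assumes an elevated PowerShell 5.1+ session on Windows 10 / Server 2016 or later.

$findings = @()

# 1. Windows Defender: is the engine, and real-time protection, still enabled?
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp) {
    $findings += 'Defender status unavailable (service stopped or Defender module missing)'
} elseif (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
    $findings += "Defender degraded: AntivirusEnabled=$($mp.AntivirusEnabled) RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
}

# 2. Windows Update service (wuauserv): stopped or disabled is suspicious on a managed host.
$wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
if (-not $wu) {
    $findings += 'wuauserv service not found'
} elseif ($wu.StartType -eq 'Disabled' -or $wu.Status -ne 'Running') {
    $findings += "Windows Update: Status=$($wu.Status) StartType=$($wu.StartType)"
}

# 3. Firewall: enabled inbound block rules that name specific local ports.
#    Rules have no creation time, so list them for comparison against a baseline.
$blockRules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue
foreach ($rule in $blockRules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.LocalPort -ne 'Any') {
        $findings += "Inbound block rule '$($rule.DisplayName)' Protocol=$($portFilter.Protocol) LocalPort=$($portFilter.LocalPort -join ',')"
    }
}

# 4. %APPDATA%: a missing or empty roaming profile folder for the current user
#    is a strong hint that it has been wiped.
$appData = [Environment]::GetFolderPath('ApplicationData')
if (-not (Test-Path $appData) -or -not (Get-ChildItem -Path $appData -Force -ErrorAction SilentlyContinue)) {
    $findings += "APPDATA folder missing or empty: $appData"
}

if ($findings.Count -eq 0) {
    Write-Output 'No Mylobot-style host tampering indicators found.'
} else {
    Write-Output 'Indicators found:'
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

Run it on a suspect host and on a known-clean host with the same build and policy; differences in the firewall rule list, not the list itself, are what matter, since some managed environments legitimately disable Windows Update in favour of WSUS or set block rules by group policy.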
But a lot of the damage the malware can cause depends on the payload it has been equipped with. Its main aim, though, appears to be the complete takeover of a victim's computer and its enslavement into a botnet, and depending on what the affected machine is used for, the consequences can become pretty nasty.
“This can result in the loss of a tremendous amount of data, the need to shut down computers for recovery purposes, which can lead to disasters in enterprises,” said Nipravsky.
“The fact that the botnet behaves as a gate for additional payloads puts the enterprise at risk of a leak of sensitive data as well, following the risk of keylogger / banking trojan installations.”
Such sophisticated malware is rare and, despite its smart design, it was still detected by Deep Instinct's security tech, though it's worth noting that the firm uses deep learning techniques to dig out cyber nasties, something it says run-of-the-mill anti-virus software doesn't offer.
So best be extra vigilant for the time being about what you're downloading and what's lurking behind the processes on your PC. µ
Source: Inquirer