Being online just got a tad riskier, for the umpteenth time, thanks to the emergence of a nasty-sounding new piece of malware that stealthily avoids detection.

Mylobot, discovered in the wild by Tom Nipravsky, a security researcher at Deep Instinct, is apparently building up a complex botnet, infecting Windows PCs and employing several measures to avoid detection.

The malware can be primed to deliver any number of different payloads, so it could install ransomware or a Trojan, pilfer data, recruit the machine to add firepower to a future DDoS attack – a whole host of unpleasant possibilities are at the malware author’s fingertips.

As for its detection-evasion techniques, these include anti-sandboxing routines, disguising its inner workings with encryption, and using a reflective EXE, meaning it loads and executes directly from memory rather than from a file on disk, which makes it harder to spot.

The malware lies dormant for two weeks, doing nothing and keeping a very low profile before finally searching out its command and control server. Stealth is at a premium here, for sure.

Botnet bashing

Interestingly, once active, Mylobot even searches for other botnets on the host PC, and attempts to stop their processes and remove them, effectively barging any competing malware out of the way.

It also shuts down Windows Defender and Windows Update to help make sure it can carry out its nefarious work (whatever that may be) without interruption.

All of which, in short, means this is a highly sophisticated and thus dangerous little beast.
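A defender-side check for the behaviour described above, as an added example that is not part of the original article or of Deep Instinct's research: the script below runs a small detection rule over constructed Windows event records (the CSV text embedded in it is made up for the example, not a real capture) and flags the Service Control Manager and Defender events you would expect to see when something stops or disables the WinDefend and wuauserv services. The event IDs (7036 service state change, 7040 start type change, 5001 real-time protection disabled) are the standard Windows ones; the CSV export shape and the service display names are assumptions for this example, and the display names vary by build.

```python
"""Flag tampering with Windows Defender and Windows Update in exported event records.

Added example for illustration; not code from the article or from Deep Instinct.
The input format (one CSV row per event: channel, event_id, message) and the
service display names are assumptions for this example.
"""
import csv
import io
import re
from dataclasses import dataclass

# Display name -> service name. Display names are what the Service Control
# Manager writes into 7036/7040 messages; they vary by Windows build
# (newer builds say "Microsoft Defender Antivirus Service"), so extend as needed.
WATCHED_SERVICES = {
    "Windows Defender Antivirus Service": "WinDefend",
    "Microsoft Defender Antivirus Service": "WinDefend",
    "Windows Update": "wuauserv",
}

# Constructed sample export (not a real capture): two benign Print Spooler
# events, a routine Windows Update stop, and three tampering indicators.
SAMPLE_EVENTS = """\
channel,event_id,message
System,7036,The Print Spooler service entered the running state.
System,7036,The Windows Defender Antivirus Service service entered the stopped state.
System,7040,The start type of the Windows Update service was changed from auto start to disabled.
Microsoft-Windows-Windows Defender/Operational,5001,Windows Defender Antivirus Real-time Protection is disabled.
System,7036,The Windows Update service entered the stopped state.
System,7040,The start type of the Print Spooler service was changed from demand start to disabled.
"""

# Service Control Manager message shapes for "service stopped" (7036) and
# "start type changed to disabled" (7040).
STOPPED_RE = re.compile(r"^The (?P<name>.+) service entered the stopped state\.$")
DISABLED_RE = re.compile(
    r"^The start type of the (?P<name>.+) service was changed from .+ to disabled\.$"
)


@dataclass(frozen=True)
class Finding:
    event_id: int
    service: str
    reason: str
    severity: str  # "low", "medium" or "high"


def analyze(export_text: str) -> list[Finding]:
    """Return the events that indicate WinDefend or wuauserv being stopped or disabled."""
    findings: list[Finding] = []
    for row in csv.DictReader(io.StringIO(export_text)):
        channel, event_id, msg = row["channel"], int(row["event_id"]), row["message"]

        if channel == "System" and event_id == 7036:
            m = STOPPED_RE.match(msg)
            if m and m.group("name") in WATCHED_SERVICES:
                svc = WATCHED_SERVICES[m.group("name")]
                # wuauserv stops on its own when idle, so a bare stop is weak evidence;
                # the Defender service stopping is not normal on a healthy host.
                severity = "low" if svc == "wuauserv" else "medium"
                findings.append(Finding(event_id, svc, "service entered stopped state", severity))

        elif channel == "System" and event_id == 7040:
            m = DISABLED_RE.match(msg)
            if m and m.group("name") in WATCHED_SERVICES:
                svc = WATCHED_SERVICES[m.group("name")]
                findings.append(Finding(event_id, svc, "start type changed to disabled", "high"))

        elif channel.endswith("Windows Defender/Operational") and event_id == 5001:
            # Defender's own "real-time protection is disabled" event.
            findings.append(Finding(event_id, "WinDefend", "real-time protection disabled", "high"))

    return findings


def tampering_detected(findings: list[Finding]) -> bool:
    """True when at least one high-severity indicator is present."""
    return any(f.severity == "high" for f in findings)


if __name__ == "__main__":
    results = analyze(SAMPLE_EVENTS)
    for f in results:
        print(f"[{f.severity:6}] event {f.event_id}: {f.service}: {f.reason}")
    print("tampering detected:", tampering_detected(results))
```

On a real host, feed it an export of the System and Microsoft-Windows-Windows Defender/Operational logs in the same three-column shape. The severity split matters in practice: Windows Update stops by itself when idle, so a 7036 stop for wuauserv alone is noise, while a 7040 change to "disabled" for either service, or Defender's own 5001, is the kind of change a healthy host does not make on its own and deserves a look.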

Where did it come from? The origin of the malware remains unknown, as do the intentions of its author, but apparently there is some possible connection to Locky, a famous piece of ransomware, as well as to other ransomware strains.

ZDNet reports that Nipravsky observed: “We haven't found any indication about who the author is, but based on the code, this is someone who knows what they're doing.”

Right now, the good news is that Mylobot is far from widespread, although that picture could easily change if the operation behind spreading the botnet is ramped up. And presumably that’s the eventual intention.
