Leave a comment

New Windows malware wants to add your PC to a botnet - or worse

New Windows malware wants to add your PC to a botnet - or worse

As technology gets updated constantly, guess what gets regular upgrades, too? Yep, malware tools.

Malware makers and black hat hackers are skilled programmers themselves and they constantly tweak and improve the tools of their trade to keep up with the times.

For every run-of-the-mill virus out there, there will always be the big ones - the sophisticated, cleverly programmed, extremely complex malware variants that are programmed to inflict as much damage as possible.

One such "complicated" botnet malware was discovered recently and watch out, it appears to be an all-in-one smorgasbord of cyberthreats.

MyloBot wants to recruit your PC

Recently spotted by deep learning cybersecurity firm Deep Instinct, this botnet malware is nicknamed MyloBot and it packs a complicated toolkit of various malicious capabilities.

Mainly targeting Windows machines, MyloBot on its own can do a host of misdeeds like steal your data, install ransomware, disable your anti-virus programs and get this, even delete its competition (read: other malware).

But perhaps, the worst part about MyloBot is its ability to recruit your computer to join its massive botnet network.

Note: A botnet is a group of gadgets that hackers have taken over without the owner's knowledge. The hackers seize control of unwitting gadgets with a virus or malware and then use the network of infected computers to perform large-scale hacks or scams.

In MyloBot's case, it can deliver an assortment of payloads depending on the attacker's needs. From using your PC for Distributed Denial of Service (DDoS) attacks to spreading spyware, ransomware or cryptojackers, the possibilities for MyloBot are endless.

MyloBot evades detection

MyloBot's method of infection is still unclear at this point but Deep Instinct noted that it evades early detection by sitting idly on a target PC for 14 days.

After that time, this sneaky malware turns off Windows Defender, disables Windows Updates, blocks specific ports in Windows Firewall then deletes any active application (or other malware) under the “%APPDATA%” folder.

By eliminating a Windows machine's built-in defenses, it will be under complete control of the attackers. Yep, another botnet zombie PC is born.

To avoid detection while its active, MyloBot uses "code injection" and "process hollowing" techniques.

Code injection is where the attackers insert hidden malicious code in legitimate Windows processes to avoid detection. 

Process hollowing is a technique where a new Windows process is launched in a suspended state but its data is replaced with malicious code.

To further avoid detection, MyloBot executes all its processes directly from memory, leaving no trace of its presence within a computer's main drive.

MyloBot is a Dark Web service

Deep Instinct also stated that MyloBot's command and control (C&C) server is being used by other malware campaigns that originated from the Dark Web.

The Dark Web is a hidden network of about 50,000 sites where criminals, hackers, trolls, extremists and governments exist. Listen to this free Komando On Demand podcast and learn how it works and what steps people take to access it.

This is an important detail since it suggests that MyloBot is a malware-as-a-service endeavor where people pay to unleash whatever malicious software they want to unleash.

Another feature that indicates that MyloBot is a for-profit scheme is its ability to disable and delete competing malware.

If anything, MyloBot is just proof that the underground malware-as-a-service business model is starting to become profitable and professional cybercrime syndicates are definitely starting to take notice.

A good backup plan is also essential for protecting yourself against sophisticated malware like MyloBot. We recommend our sponsor, IDrive, for fast and reliable cloud backups. Backup your all your gadgets and save 50% on all your backup needs and get 2TB of storage for less than $35!

In other news, streaming devices are vulnerable to this attack

Beware! Your streaming gadget may be vulnerable to a DNS rebinding attack! Click here to learn more.

Next Story
Tech support scammer fined millions for cons
Previous Happening Now

Tech support scammer fined millions for cons

What to stream: 'Mercury 13,' the women who almost went to space
Next Happening Now

What to stream: 'Mercury 13,' the women who almost went to space

View Comments ()