A New Botnet Malware Has Emerged

A “botnet” is a group of computers infected by the same malware, which allows an attacker to control them over a network. Because these infections typically show no obvious symptoms, a computer can be recruited into a botnet without its owner realizing it. Recently, Deep Instinct’s researchers discovered a new malware that infects Windows computers and turns them into botnet PCs. This new malicious software has been named “Mylobot”, after one of the researcher’s dogs.

The extent of the damage that botnet malware can cause depends on what the attacker chooses to do once a computer has been infected. After a computer has been recruited into a botnet, attackers gain full control of the system. From here, they often use the computers for distributed denial of service (DDoS) attacks, sending overwhelming amounts of traffic to a website to overload its servers.

Alternatively, attackers can use the initial malware infection to install additional malicious software on a computer, such as ransomware, trojans, or keyloggers. These are designed to lock up information behind ransom-walls or steal sensitive data.

Mylobot: A New Danger

Mylobot acts similarly to other botnet malware, infecting your computer and connecting it to the attacker’s botnet. However, it uses new techniques to avoid being discovered. For instance, it employs anti-virtual machine, anti-sandbox, and anti-debugging strategies to evade the most common methods of detection. Furthermore, once Mylobot is installed, it automatically disables Windows Firewall, leaving your computer exposed. Finally, the malware uses Reflective EXE to further avoid detection. This means that it executes its processes directly from the system’s memory rather than from the hard disk, leaving virtually no traces of data. As noted by Deep Instinct researcher Tom Nipravsky, this makes the malware even more difficult to detect on the computer.

Mylobot is also unique in its ability to delete other malware on your computer, giving full control over to the attacker. Specifically, it detects and deletes the Dorkbot malware. This piece of malicious software was most prevalent in 2015 when it infected over 1 million computers, stealing internet credentials and using botnets to generate DDoS attacks.

While Dorkbot was found to be distributed through infected flash drives and online messaging programs, the method by which Mylobot spreads is still not known. However, it is suspected that it has connections with malware programs such as Dorkbot and Ramdo.

Protecting Yourself Against Botnet Malware

Although Mylobot and Dorkbot have demonstrated that botnet malware can be distributed in new and unpredictable ways, here are some best practices to protect your computers from infection.

  • Multilayered security checkpoints in your organization’s systems
    • Employ multiple layers of security on your company’s servers and computers to maximize the detection of malware
  • Constantly keep backups of important files
    • To protect against ransomware attacks locking critical information behind ransom-walls, always keep multiple encrypted backups of important data.
  • Disabling Windows’ Autorun feature
    • When a new device is connected, Windows automatically runs content that is stored on it. However, this allows malware such as Dorkbot to easily infect your computer. Therefore, turn this feature off for increased security.
  • Always keep your antivirus software and operating system up to date
    • Patches and updates do not only contain bug fixes. They often provide important security measures protecting against the newest threats.
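
The firewall tampering described earlier and the Autorun advice in the list above can both be checked from PowerShell. The read-only audit below is an added example, not code from the original article or from Deep Instinct; it assumes Windows 8 / Server 2012 or later (for `Get-NetFirewallProfile`), and the function names are hypothetical.

```powershell
# Added audit example (not from the original article). Read-only: changes nothing.
function Test-FirewallState {
    # Report each firewall profile (Domain, Private, Public) and whether it is enabled.
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Check  = "Firewall profile: $($_.Name)"
            Value  = "$($_.Enabled)"
            Passed = ("$($_.Enabled)" -eq 'True')
        }
    }
    # The Windows Firewall service (MpsSvc) must be running for the profiles to be enforced.
    $svc = Get-Service -Name 'MpsSvc' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = 'Firewall service: MpsSvc'
        Value  = if ($svc) { "$($svc.Status)" } else { 'not found' }
        Passed = [bool]($svc -and $svc.Status -eq 'Running')
    }
}

function Test-AutoRunPolicy {
    # NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type.
    # A value under HKLM takes precedence over the per-user value under HKCU.
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $val = $null
    $source = 'not set'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $item = Get-ItemProperty -Path "$hive\$sub" -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
        if ($item) { $val = $item.NoDriveTypeAutoRun; $source = $hive; break }
    }
    [pscustomobject]@{
        Check  = "AutoRun policy (effective, from $source)"
        Value  = if ($null -ne $val) { '0x{0:X}' -f $val } else { 'not set' }
        Passed = ($val -eq 0xFF)
    }
}

$results = @(Test-FirewallState) + @(Test-AutoRunPolicy)
$results | Format-Table -AutoSize

# A firewall that is off without an administrator having disabled it is worth investigating,
# since the article notes that Mylobot disables Windows Firewall after installation.
$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) check(s) failed; find out why before re-enabling."
}
```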

Our experts at GigE can help your organization protect and back up its data from malware attacks. Contact us at +1 (888) 366-4443 to get started today.