The newly discovered Mylobot botnet has shown new levels of complexity, including a wide variety of tools and evasion techniques. How does this botnet differ from a typical botnet and what type of threat does it pose?
Botnets need to keep up with the Joneses like everyone else and must keep evolving to stay ahead of enterprise defenses. Luckily for them, enterprises are often slow to adapt to evolving threats.
While many botnets have used the same infection and persistence steps for years, they have adjusted their processes to incorporate new attack techniques. Tracking these advances, and using enterprise security tools to detect what has changed, helps companies identify how their own defenses need to change.
Deep Instinct Ltd. blogged about a highly complicated botnet -- dubbed Mylobot -- that incorporates several new techniques, including improved evasion techniques and command-and-control (C&C) connections. Deep Instinct reported that the Mylobot botnet attack uses the dark web and C&C servers from other malware campaigns to establish its C&C connections.
The Mylobot malware differs from a typical botnet in its use of code injection, process hollowing and reflective EXE. It also includes functionality common to malware, such as anti-VM, anti-sandbox and anti-debugging techniques, along with an encrypted resource file. While code injection, process hollowing and reflective EXE are not new techniques, they are not typically seen in malware.
Mylobot can also delay contacting the C&C network for 14 days, minimizing the chance that the initial download and execution on the endpoint will be correlated with the later C&C connection.
Even though it's difficult to assess the risk of Mylobot, checking how enterprise endpoint antimalware tools handle its advanced behaviors can help enterprises be better prepared.
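The 14-day delay is designed to break the link between a binary's first execution and its first C&C connection, so a defender's correlation has to span long windows. The following is an added illustration, not code from Deep Instinct or from the original answer: it scans constructed endpoint telemetry in a hypothetical JSON-lines format and flags binaries whose first outbound connection comes long after they first ran on a host.

```python
import json
from datetime import datetime, timedelta

# Constructed sample telemetry (hypothetical schema, not a real product format):
# one JSON record per line, either a process start or an outbound connection.
# svc.exe runs on 2018-06-01 and stays silent for 14 days before its first
# connection; browser.exe connects within seconds; tool.exe connects after a
# day and then again later, so its later connection is not a "first" one.
SAMPLE_LOG = r"""
{"ts": "2018-06-01T09:00:00", "event": "process_start", "host": "ws01", "image": "C:\\Users\\a\\AppData\\Roaming\\svc.exe", "sha256": "AAAA"}
{"ts": "2018-06-01T09:00:05", "event": "process_start", "host": "ws01", "image": "C:\\Program Files\\Browser\\browser.exe", "sha256": "BBBB"}
{"ts": "2018-06-01T09:00:07", "event": "net_connect", "host": "ws01", "image": "C:\\Program Files\\Browser\\browser.exe", "sha256": "BBBB", "dst": "203.0.113.10:443"}
{"ts": "2018-06-01T10:00:00", "event": "process_start", "host": "ws01", "image": "C:\\Tools\\tool.exe", "sha256": "CCCC"}
{"ts": "2018-06-02T10:00:00", "event": "net_connect", "host": "ws01", "image": "C:\\Tools\\tool.exe", "sha256": "CCCC", "dst": "192.0.2.5:443"}
{"ts": "2018-06-20T10:00:00", "event": "net_connect", "host": "ws01", "image": "C:\\Tools\\tool.exe", "sha256": "CCCC", "dst": "192.0.2.6:443"}
{"ts": "2018-06-15T09:30:00", "event": "net_connect", "host": "ws01", "image": "C:\\Users\\a\\AppData\\Roaming\\svc.exe", "sha256": "AAAA", "dst": "198.51.100.7:7432"}
"""


def find_dormant_beacons(log_text, min_dormant_days=7):
    """Return (host, sha256, dormant_days, dst) for each binary whose FIRST
    outbound connection on a host happens at least min_dormant_days after
    the binary first executed there. Records are sorted by timestamp first,
    so out-of-order collection (as in SAMPLE_LOG) does not matter."""
    records = [json.loads(line) for line in log_text.strip().splitlines()]
    records.sort(key=lambda r: r["ts"])

    first_exec = {}        # (host, sha256) -> datetime of first process_start
    has_connected = set()  # (host, sha256) that already made a connection
    findings = []
    for rec in records:
        key = (rec["host"], rec["sha256"])
        ts = datetime.fromisoformat(rec["ts"])
        if rec["event"] == "process_start":
            first_exec.setdefault(key, ts)
        elif rec["event"] == "net_connect":
            if key in has_connected:
                continue           # only the first connection is interesting
            has_connected.add(key)
            if key in first_exec:
                dormant = ts - first_exec[key]
                if dormant >= timedelta(days=min_dormant_days):
                    findings.append((rec["host"], rec["sha256"], dormant.days, rec["dst"]))
    return findings


if __name__ == "__main__":
    for host, sha256, days, dst in find_dormant_beacons(SAMPLE_LOG):
        print(f"{host}: {sha256} first connected to {dst} after {days} dormant days")
```

Real telemetry needs the same two event types keyed by host and file hash; the window threshold is the only tunable, and a 14-day delay passes any threshold shorter than that.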
Related Q&A from Nick Lewis