The newly discovered Mylobot botnet has shown new levels of complexity, including a wide variety of tools and evasion techniques. How does this botnet differ from a typical botnet and what type of threat does it pose?
Botnets need to keep up with the Joneses like everyone else and must keep evolving to stay ahead of enterprise defenses. Luckily for them, enterprises are often slow to adapt to evolving threats.
While many botnets have used the same basic infection and persistence steps for years, their operators keep adjusting those steps to fold in new attack techniques. Tracking those advancements, and using enterprise security tools to detect what has changed, helps a company see where its own defenses need to change.
Deep Instinct Ltd. blogged about a highly complex botnet, dubbed Mylobot, that incorporates several newer techniques, including improved evasion and a different approach to command-and-control (C&C) connectivity. Deep Instinct reported that Mylobot uses the dark web and the C&C servers of other malware campaigns to establish its own C&C connections.
Mylobot differs from a typical botnet in its combined use of code injection, process hollowing and reflective EXE loading. It also includes functionality that is now common in malware, such as anti-VM, anti-sandbox and anti-debugging checks, and it carries its next stage in an encrypted resource file. Code injection, process hollowing and reflective loading are not new techniques, but they are not commonly seen together in a single piece of malware.
Mylobot can also wait 14 days before contacting its C&C network. The delay reduces the chance that the initial download and execution on the endpoint will be correlated with the later C&C connection, and it far outlasts the few minutes an automated sandbox typically spends on a sample.
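The two behaviors just described, a parent opening a freshly spawned child with write and thread-control rights, and a process whose first outbound connection comes long after it was created, are what a hunting pass over endpoint telemetry should key on. The Python below is an example added for this article; it is not Deep Instinct's code and is not derived from the Mylobot sample. The events are constructed, the field names follow Sysmon's ProcessCreate (ID 1), NetworkConnect (ID 3) and ProcessAccess (ID 10) events, and the access-rights mask, the five-second window and the seven-day dormancy cutoff are assumptions to tune for your environment.

```python
"""Hunting pass over Sysmon-style endpoint telemetry.

Example added for this article, not code from Deep Instinct or from the
Mylobot sample. EVENTS is constructed; field names follow Sysmon Event ID 1
(ProcessCreate), 3 (NetworkConnect) and 10 (ProcessAccess).
"""
from datetime import datetime

TS = "%Y-%m-%d %H:%M:%S"

# Process access rights (winnt.h) a hollowing-style parent needs on its child:
# write the new image into it, then create/resume a thread to run it.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800
WRITE_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE
THREAD_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_SUSPEND_RESUME

# Constructed sample telemetry (not real Mylobot data), already parsed to dicts.
EVENTS = [
    # dropper run from a user-writable path
    {"EventID": 1, "UtcTime": "2018-06-01 09:00:00", "ProcessId": 4120,
     "ParentProcessId": 3300,
     "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # it spawns a legitimate binary ...
    {"EventID": 1, "UtcTime": "2018-06-01 09:00:02", "ProcessId": 4188,
     "ParentProcessId": 4120,
     "Image": r"C:\Windows\SysWOW64\svchost.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\setup.exe"},
    # ... and immediately opens it with write plus thread-control rights
    {"EventID": 10, "UtcTime": "2018-06-01 09:00:02", "SourceProcessId": 4120,
     "TargetProcessId": 4188,
     "SourceImage": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "TargetImage": r"C:\Windows\SysWOW64\svchost.exe",
     "GrantedAccess": "0x1FFFFF"},
    # benign: explorer starts notepad and only queries it
    {"EventID": 1, "UtcTime": "2018-06-01 09:05:00", "ProcessId": 5004,
     "ParentProcessId": 3300,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 10, "UtcTime": "2018-06-01 09:05:00", "SourceProcessId": 3300,
     "TargetProcessId": 5004, "SourceImage": r"C:\Windows\explorer.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "GrantedAccess": "0x1000"},
    # benign: a browser that connects out within seconds of starting
    {"EventID": 1, "UtcTime": "2018-06-01 09:06:00", "ProcessId": 5100,
     "ParentProcessId": 3300,
     "Image": r"C:\Program Files\Browser\browser.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2018-06-01 09:06:03", "ProcessId": 5100,
     "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
    # the hollowed svchost finally beacons two weeks after it was created
    {"EventID": 3, "UtcTime": "2018-06-15 09:00:30", "ProcessId": 4188,
     "Image": r"C:\Windows\SysWOW64\svchost.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 7432},
]


def _t(ev):
    return datetime.strptime(ev["UtcTime"], TS)


def hollowing_candidates(events, window_s=5):
    """Parent creates a child (ID 1) and, within window_s seconds, opens it
    (ID 10) with the rights needed to overwrite its image and control its
    threads. Heuristic only: debuggers and some installers do this too."""
    creates = {e["ProcessId"]: e for e in events if e["EventID"] == 1}
    hits = []
    for e in events:
        if e["EventID"] != 10:
            continue
        child = creates.get(e["TargetProcessId"])
        if child is None or child["ParentProcessId"] != e["SourceProcessId"]:
            continue
        rights = int(e["GrantedAccess"], 16)
        if ((rights & WRITE_RIGHTS) == WRITE_RIGHTS and rights & THREAD_RIGHTS
                and 0 <= (_t(e) - _t(child)).total_seconds() <= window_s):
            hits.append((e["SourceImage"], e["TargetImage"], e["TargetProcessId"]))
    return hits


def dormant_beacons(events, min_days=7):
    """Processes whose first outbound connection (ID 3) comes min_days or
    more after they were created (ID 1). A sandbox that runs for minutes
    never sees this; weeks of retained telemetry do."""
    creates = {e["ProcessId"]: e for e in events if e["EventID"] == 1}
    first_conn = {}
    for e in sorted((e for e in events if e["EventID"] == 3), key=_t):
        first_conn.setdefault(e["ProcessId"], e)
    hits = []
    for pid, conn in first_conn.items():
        create = creates.get(pid)
        if create is None:
            continue
        days = (_t(conn) - _t(create)).total_seconds() / 86400
        if days >= min_days:
            hits.append((create["Image"], create["ParentImage"],
                         conn["DestinationIp"], conn["DestinationPort"],
                         round(days, 1)))
    return hits


if __name__ == "__main__":
    for hit in hollowing_candidates(EVENTS):
        print("hollowing candidate:", hit)
    for hit in dormant_beacons(EVENTS):
        print("dormant beacon:", hit)
```

On real telemetry, key both checks on Sysmon's ProcessGuid rather than ProcessId, since PIDs are reused over a two-week window, and expect to whitelist debuggers, installers and long-lived services that legitimately match either pattern.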
Although it is difficult to assess the risk Mylobot poses to a given enterprise, testing how the endpoint antimalware tools in use handle these behaviors, such as process hollowing, reflective loading and long-delayed C&C contact, shows whether the enterprise is prepared for them.
Related Q&A from Nick Lewis