The newly discovered Mylobot botnet has shown new levels of complexity, including a wide variety of tools and evasion techniques. How does this botnet differ from a typical botnet and what type of threat does it pose?
Botnets need to keep up with the Joneses like everyone else and must keep evolving to stay ahead of enterprise defenses. Luckily for them, enterprises are often slow to adapt to evolving threats.
While many botnets have used the same steps for infection and persistence for many years, they have made changes to their processes to help incorporate new attack techniques. And tracking attackers' advancements and using enterprise security tools to detect differences can help companies identify how their defenses need to change.
Deep Instinct Ltd. blogged about a highly complicated botnet -- dubbed Mylobot -- that incorporates several new techniques, including improved evasion techniques and command-and-control (C&C) connections. Deep Instinct reported that the Mylobot botnet attack uses the dark web and C&C servers from other malware campaigns to establish its C&C connections.
The Mylobot malware differs from a typical botnet in its use of code injection, process hollowing and reflective EXE loading. It also includes functionality common to other malware, such as anti-VM, anti-sandbox and anti-debugging checks, as well as the use of an encrypted resource file. While code injection, process hollowing and reflective EXE loading are not new techniques, they are not typically seen in malware.
Mylobot also has the ability to delay contacting the C&C network for 14 days in order to minimize the chance that the download and execution on the endpoint will be correlated with the C&C connection.
Even though it's difficult to assess the risk of Mylobot, checking to see how enterprise endpoint antimalware tools handle its advanced behaviors can help enterprises be better prepared.
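The 14-day delay matters because many correlation rules only join a process start with a network connection inside a short window. The following added example (not code from Deep Instinct or the original answer) shows a defender-side correlation that instead keys on the binary hash and keeps first-seen timestamps across the whole log history, so a beacon that arrives two weeks after first execution still gets paired with it. The log format and the assumption that connection events are tagged with the image hash of the owning process are constructed for the example.

```python
"""Correlate first execution of a binary with its first outbound connection.

Constructed endpoint telemetry, not real Mylobot data. Each line is
"timestamp|event|pid|sha256|detail"; the sha256 is assumed to be the hash
of the image behind the pid (e.g. joined from process-creation events).
"""
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2018-06-01T09:00:00|process_start|412|aaaa1111|C:\\Users\\u\\AppData\\svc.exe
2018-06-01T09:00:02|network_connect|412|aaaa1111|203.0.113.5:443
2018-06-01T09:05:00|process_start|520|bbbb2222|C:\\Users\\u\\Downloads\\setup.exe
2018-06-15T09:05:30|process_start|731|bbbb2222|C:\\Users\\u\\Downloads\\setup.exe
2018-06-15T09:06:00|network_connect|731|bbbb2222|198.51.100.7:8080
"""


def parse(log):
    """Yield (timestamp, event, pid, sha256, detail) tuples from the log text."""
    for line in log.splitlines():
        ts, event, pid, sha, detail = line.split("|", 4)
        yield datetime.fromisoformat(ts), event, int(pid), sha, detail


def first_seen_delays(log):
    """Return {sha256: (delay, destination)}: time between the earliest
    execution of a binary and its earliest outbound connection."""
    first_exec = {}   # sha256 -> first process_start timestamp
    first_conn = {}   # sha256 -> (first network_connect timestamp, dest)
    for ts, event, pid, sha, detail in parse(log):
        if event == "process_start":
            first_exec.setdefault(sha, ts)
        elif event == "network_connect" and sha not in first_conn:
            first_conn[sha] = (ts, detail)
    return {sha: (ts - first_exec[sha], dest)
            for sha, (ts, dest) in first_conn.items() if sha in first_exec}


def flag_delayed_beacons(log, min_delay=timedelta(days=7)):
    """Binaries that stayed silent for at least min_delay before first
    reaching out; a short-window join would never pair these two events."""
    return sorted(sha for sha, (delay, _) in first_seen_delays(log).items()
                  if delay >= min_delay)


if __name__ == "__main__":
    for sha, (delay, dest) in first_seen_delays(SAMPLE_LOG).items():
        print(f"{sha}: first beacon to {dest} after {delay}")
    print("delayed beacons:", flag_delayed_beacons(SAMPLE_LOG))
```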