CATEGORIES
home News

Mylobot Malware Targets Your Windows PC For DDoS, Trojan And Keylogger Attacks

by Shane McGlaunWednesday, June 20, 2018, 03:51 PM EDT

Malware is a huge problem for computer users today as the threat posed by malicious software continues to increase. A new botnet was recently detected in a live environment for an unnamed client of Deep Instinct, a security firm.

mylobot


The security firm says that the botnet, dubbed Mylobot, uses three different layers of evasion techniques. The evasion techniques that the botnet uses contact command and control servers that download the final payload, Deep Instinct says that the combination and complexity of the evasion techniques that the botnet deploys have never been seen in the wild before.

Mylobot also uses several malicious techniques including anti-VM, anti-sandbox, anti-debugging, wrapping internal parts with an encrypted resource file, code injection, process hollowing, Reflective EXE, and has a 14-day delay mechanism before it contacts the command and control servers. Process hollowing is a technique that allows the attacker to create new processes in a suspended state and replace its image with the one that is to be hidden.

Reflexive EXE allows the executing of EXE files directly from memory without having to put them on the disk. This technique, in particular, is why the botnet is so hard to trace. One of the things Mylobot does is to terminate and delete instances of other malware on infected machines. It searches for specific folders that other botnets use and deletes them. Deep Instinct believes Mylobot deletes other malware to infect more computers and make more money for the person or persons operating the botnet.

Mylobot shuts down Windows Defender and Windows Update when installed and blocks additional ports on the Firewall. It also shuts down and deletes any EXE file running from %APPDATA% folder. That action can cause a loss of data. The main function of the botnet is to take complete control of the user's computer and damage to the computer depends on the payload the attackers decide to distribute.

Payloads can include ransomware and banking trojans among others. Ransomware is a common payload and has been distributed by botnets before. A full examination of the Mylobot botnet is ongoing and a research paper will be published by Deep Instinct in the future covering the botnet end-to-end.

Tags:  Malware, security, botnet, Hack, mylobot
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment