Sophisticated Mylobot Botnet Discovered During Security Audit

The Mylobot botnet has been discovered in a recent worldwide attack. Upon analysis it has been found to contain an advanced malware engine that can execute several different components depending on the target. The hackers behind it are still unknown.

Mylobot Botnet Infection Mechanism

The Mylobot botnet attacks were discovered during a routine cybersecurity evaluation by a security team. The published analysis reveals that the botnet combines a sophisticated infection method with a post-infection behaviour pattern, both built on a highly customizable engine. The researchers note that this makes it one of the most sophisticated botnets currently known. At the same time there is no information available about the identity of the hacker or criminal collective behind it.

The published reports do not reveal the exact infection mechanism, as the discovery was made on systems that were already compromised. Given the situation, there are several possible entry points that the malicious code might have used.

One of the options is the use of infected email messages, specifically those that rely on social engineering techniques. The criminals can create counterfeit messages and notifications that use the names, text and graphics of well-known companies. These messages can carry attached copies of the malware or hyperlinks placed in the body contents. Infections can also be caused by infected payloads such as malware-laced copies of application installers or macro-infected documents.

The botnet can also be downloaded from counterfeit download sites that use a template and domain name similar to those of popular services and well-known portals. These sites can also rely on scripts such as pop-ups, redirects, in-line hyperlinks, banners, etc.

A large-scale Mylobot botnet infection can also be carried out through direct network attacks. These target possibly vulnerable components which are loaded in automated penetration (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: