High-level Windows Malware, Mylobot, Deploys Deadly Botnet Tactics

July 4, 2018

A new piece of Windows malware is adding systems to a botnet. It takes absolute control of its victims and also delivers additional malicious payloads. As far as the investigation goes, whoever authored the Mylobot malware campaign has to be a sophisticated and certainly capable hacker.

What makes this far-from-amateur work more dangerous than its predecessors is that Mylobot comes equipped with:

  • Anti-sandboxing
  • Anti-VM and Anti-debugging techniques
  • Encrypted resource files
  • Executing botnet processes externally using code injections
  • Ability to create a process and suspend it for hiding
  • Running EXE files directly from memory without having them on disks

While its origin and means of propagation are still unknown and being theorized, there are known facts as to how it deals with its victims. Once installed, Mylobot kills Windows Defender and Windows Update while blocking legitimate Firewall ports.
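A defender can look for the three changes described above landing on one host within a short span. The following Python correlation rule is an added example, not code from the original article or from any Mylobot research; the event kind names, the 30-minute window, the host names and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Normalized event kinds (assumed schema, not a real product's field names).
REQUIRED = {"defender_stopped", "windows_update_stopped", "firewall_block_rule_added"}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample telemetry: (timestamp, host, kind)
SAMPLE_EVENTS = [
    ("2018-07-01T09:00:05", "ws-014", "defender_stopped"),
    ("2018-07-01T09:00:09", "ws-014", "windows_update_stopped"),
    ("2018-07-01T09:00:12", "ws-014", "firewall_block_rule_added"),
    # All three kinds, but spread over days (routine admin work): no alert.
    ("2018-06-28T11:00:00", "ws-022", "defender_stopped"),
    ("2018-07-01T10:15:00", "ws-022", "windows_update_stopped"),
    ("2018-07-02T16:40:00", "ws-022", "firewall_block_rule_added"),
    # Only two of the three kinds: no alert.
    ("2018-07-03T08:00:00", "ws-031", "defender_stopped"),
    ("2018-07-03T08:20:00", "ws-031", "firewall_block_rule_added"),
]

def correlate(events, window=WINDOW, required=REQUIRED):
    """Return {host: (first_ts, last_ts)} for hosts where every required
    kind occurs inside one window-sized span."""
    by_host = {}
    for ts, host, kind in events:
        if kind in required:
            by_host.setdefault(host, []).append((datetime.fromisoformat(ts), kind))
    alerts = {}
    for host, rows in by_host.items():
        rows.sort()            # tolerate out-of-order log delivery
        last_seen = {}         # kind -> most recent timestamp so far
        for ts, kind in rows:
            last_seen[kind] = ts
            if len(last_seen) == len(required):
                oldest = min(last_seen.values())
                if ts - oldest <= window:
                    alerts[host] = (oldest, ts)
                    break
    return alerts

if __name__ == "__main__":
    for host, (start, end) in correlate(SAMPLE_EVENTS).items():
        print(f"{host}: Defender, Windows Update and firewall changes between {start} and {end}")
```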

Essentially it adds its victims to a botnet (a network of internet-connected machines that an attacker can control simultaneously from a command server), which in practice can do anything and everything to the victim's computer, depending on what payload the attacker decides to distribute. Noteworthy payloads include DDoS attacks, theft of sensitive data, or even forceful seizure of assets via vicious ransomware.

Mylobot also, quite ambitiously, asserts dominance over other malware by eliminating its competition. It scans for other malware in the "Application Data" folder and immediately kills and deletes every discovered file that is currently running. This is done to monopolize its control over a computer, and also to increase its botnet efficacy.

To make it more deadly, Mylobot sleeps for two weeks before making contact with its control server. This sort of behavior is an effective way to bypass security solutions that do not observe a targeted threat for much longer than two weeks.

As much of a threat as Mylobot appears to be, and while recent research cannot provide a resounding fix just yet, there are a couple of ways we can undermine the threat. There is no better time than today to review and improve the ways we deal with botnets. Both the Department of Homeland Security and the Department of Commerce keep reminding the public that we have botnet prevention programs that are underutilized, or that we are not even aware of.
