The newly uncovered MyloBot botnet incorporates several malicious techniques and is able to shut down Windows Defender and Windows Updates.
Its authors employ a range of advanced techniques to evade detection and protect the malware from antivirus software.
MyloBot uses three layers of evasion techniques and a command and control server to drop the final payload, which eventually leads to DDoS attacks.
MyloBot’s list of Sophisticated techniques
The malware authors combine a variety of malicious techniques in MyloBot, all of which are applied while it carries out the attack on the victim's machine.
The following features are employed by the MyloBot botnet to evade detection and fly under the radar:
- Anti-VM techniques
- Anti-sandbox techniques
- Anti-debugging techniques
- Wrapping internal parts with an encrypted resource file
- Code injection
- Process hollowing
It also uses a delay mechanism of 14 days, and its code injection technique makes it even harder to detect and trace.
MyloBot Operation Process
It has a rare and unusual behavior: when it finds other malware running on the targeted computer, it terminates and deletes it.
According to the Deep Instinct report, it checks the known folders that malware "lives" in (the "Application Data" folder), and if a certain file is running, it immediately terminates it and deletes its file. It even targets specific folders of other botnets such as DorkBot.
Attackers use this technique purely for monetary gain on the dark web: different attackers compete to control more "zombie computers", and whoever has more compromised zombie computers earns more than the others.
Damage of the Botnet
After successful installation, it blocks Windows Defender and Windows Updates, and it shuts down and deletes the EXE files running from the Application Data folder.
The botnet also allows attackers to take complete control of the infected user's system and download additional payloads from the command and control server.
The expected damage depends on the payload the attacker decides to distribute; it can range from downloading and executing ransomware to banking trojans, among others.
In this case, the botnet was used to drop additional payloads that led to the installation of keyloggers and banking trojans in enterprise networks.
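The most visible symptom described above is Windows Defender and Windows Update being switched off. As an added example (not from the article or the Deep Instinct report), the following Python detector scans a constructed text export of Windows System event log entries for Event ID 7040 ("start type changed") and flags the two protected services; the export format and sample lines are assumptions.

```python
"""Flag Windows Defender / Windows Update being disabled, using Event ID 7040
("The start type of the X service was changed from A to B.").
Input is a constructed, simplified text export: "<timestamp> <eventid> <message>"."""
import re
from dataclasses import dataclass

# Services whose start type should never become "disabled" on a managed host.
# Keys are the display names used in 7040 messages; values are the short names.
PROTECTED_SERVICES = {
    "Windows Defender Antivirus Service": "WinDefend",
    "Windows Update": "wuauserv",
}

# Matches the standard 7040 message text in the assumed export format.
EVENT_7040 = re.compile(
    r"^(?P<ts>\S+) 7040 The start type of the (?P<svc>.+?) service was changed "
    r"from (?P<old>.+?) to (?P<new>.+?)\.$"
)


@dataclass
class Finding:
    timestamp: str
    service: str
    short_name: str
    old_start: str
    new_start: str


def find_disabled_protections(lines):
    """Return one Finding per protected service whose start type changed to 'disabled'."""
    findings = []
    for line in lines:
        m = EVENT_7040.match(line.strip())
        if not m:
            continue  # not a 7040 event, or not in the expected format
        svc = m.group("svc")
        if svc in PROTECTED_SERVICES and m.group("new").lower() == "disabled":
            findings.append(Finding(m.group("ts"), svc, PROTECTED_SERVICES[svc],
                                    m.group("old"), m.group("new")))
    return findings


# Constructed sample export: two tampering events plus benign noise.
SAMPLE_LOG = [
    "2018-06-20T10:01:02Z 7040 The start type of the Windows Defender Antivirus Service service was changed from auto start to disabled.",
    "2018-06-20T10:01:03Z 7040 The start type of the Windows Update service was changed from demand start to disabled.",
    "2018-06-20T10:05:00Z 7040 The start type of the Print Spooler service was changed from auto start to disabled.",
    "2018-06-20T10:06:00Z 7036 The Windows Update service entered the running state.",
]

if __name__ == "__main__":
    for f in find_disabled_protections(SAMPLE_LOG):
        print(f"{f.timestamp} ALERT {f.short_name} ({f.service}): {f.old_start} -> {f.new_start}")
```

Two disabled-protection events occurring within seconds of each other, as in the sample, are a stronger signal than either alone and are worth correlating with the 14-day dormancy and Application Data activity the article describes.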