MyloBot Botnet Shuts Down Windows Defender and Blocks Firewall Ports

A newly uncovered and complex botnet, MyloBot, combines several malicious techniques, including the ability to shut down Windows Defender and Windows Update.

A botnet can be used for many purposes, such as DDoS attacks, data theft, and the installation of further malware, depending on the payload it receives.

Its authors employed several advanced techniques to evade detection and to protect the malware from antivirus software.

MyloBot uses three layers of evasion techniques and contacts its command and control server to drop the final payload, which can then be used for DDoS attacks.


MyloBot’s list of Sophisticated techniques

MyloBot's authors combine a variety of malicious techniques, all of which are applied while the attack runs on the victim machine.

The following features are employed by MyloBot to evade detection and stay under the radar:

  • Anti-VM techniques
  • Anti-sandbox techniques
  • Anti-debugging techniques
  • Wrapping internal parts in an encrypted resource file
  • Code injection
  • Process hollowing

It also delays its activity for 14 days after infection, and its code injection technique makes it even harder to detect and trace.

MyloBot Operation Process

It also exhibits a rare and unusual behavior: when it finds other malware running on the target computer, it terminates the process and deletes its file.

According to Deep Instinct, it checks the known folders in which malware "lives" (the "Application Data" folder), and if a certain file is running it immediately terminates it and deletes the file. It even targets the specific folders of other botnets, such as DorkBot.

Attackers use this technique purely for profit. Different operators compete with each other to control more "zombie computers", since whoever has more compromised machines earns more from them on the dark web than rival operators.


Damage of the Botnet

After successful installation, it disables Windows Defender and Windows Update, and it terminates and deletes EXE files running from the Application Data folder.

The botnet also allows attackers to take complete control of the infected user's system and to download additional payloads from the command and control server.

The expected damage therefore depends on the payload the attacker decides to distribute. It can range from downloading and executing ransomware to installing banking trojans, among others.

In this case, the botnet is used to drop additional payloads that lead to keylogger and banking trojan installations in enterprise networks.

Organizations should therefore monitor the state of their endpoint protection and patching services, and treat executables launched from user-writable profile folders as suspicious.
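The two behaviors described above (policing executables in the "Application Data" folder, and stopping Windows Defender and Windows Update) can be turned around into a hunting check. The following is an added example written for this page; it is not Deep Instinct's code or the malware's own logic. It runs on a constructed process list and service table so it works offline; on a live host you would feed it the output of `Get-Process | Select Id,Path` and `Get-Service`. The path patterns, the service short names (`WinDefend`, `wuauserv`, `MpsSvc`) and the sample data are assumptions of this example, not details from the report.

```python
"""Hunting helpers for MyloBot-style behaviour (added example).

Flags (1) executables running from user-writable profile folders, the
same folders MyloBot polices for rival malware, and (2) security
services that are no longer running. Works on constructed snapshots.
"""
import re

# Folders MyloBot polices ("Application Data") plus the modern AppData
# subtrees where user-writable droppers typically run. Matched
# case-insensitively after slashes are normalised to backslashes.
USER_WRITABLE_PATTERNS = (
    re.compile(r"\\appdata\\roaming\\", re.I),
    re.compile(r"\\appdata\\local\\", re.I),
    re.compile(r"\\application data\\", re.I),  # legacy XP/2003 profile name
)

# Windows service short names: Defender Antivirus, Windows Update,
# Windows Firewall. MyloBot-style malware stops these.
SECURITY_SERVICES = {"WinDefend", "wuauserv", "MpsSvc"}


def executables_in_user_writable_dirs(processes):
    """Return (pid, image_path) for every process whose image lives under
    a user-writable profile directory.

    `processes` is an iterable of (pid, image_path); image_path may be
    None for protected system processes whose path cannot be read.
    """
    hits = []
    for pid, image in processes:
        if not image:
            continue
        norm = image.replace("/", "\\")
        if any(pat.search(norm) for pat in USER_WRITABLE_PATTERNS):
            hits.append((pid, norm))
    return hits


def stopped_security_services(services):
    """Return the security services that are not in the Running state.

    `services` maps service short name -> state string ('Running',
    'Stopped', ...) as Get-Service reports it. A missing entry is
    treated as not running, since a deleted service is also a finding.
    """
    return sorted(name for name in SECURITY_SERVICES
                  if services.get(name, "Missing").lower() != "running")


# Constructed sample snapshot; not captured from a real infection.
# PID 3120 imitates a system binary name from the Roaming profile, a
# classic masquerade; PID 4102 mimics a legacy-profile dropper.
SAMPLE_PROCESSES = [
    (4, None),
    (812, r"C:\Windows\System32\svchost.exe"),
    (2044, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    (3120, r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    (3388, "C:/Users/alice/AppData/Local/Temp/update.exe"),
    (4102, r"C:\Documents and Settings\bob\Application Data\dork.exe"),
]
SAMPLE_SERVICES = {
    "WinDefend": "Stopped",
    "wuauserv": "Stopped",
    "MpsSvc": "Running",
    "Spooler": "Running",
}


def hunt(processes=SAMPLE_PROCESSES, services=SAMPLE_SERVICES):
    """Combine both checks into one report for the given snapshot."""
    return {
        "suspicious_processes": executables_in_user_writable_dirs(processes),
        "stopped_security_services": stopped_security_services(services),
    }


if __name__ == "__main__":
    for finding, value in hunt().items():
        print(finding, value)
```

Legitimate software (browser updaters, chat clients) also runs from `AppData\Local`, so in practice pair the path check with an allowlist of signed publishers rather than treating every hit as an infection; the service check, by contrast, is a strong signal on any managed endpoint where Defender and Windows Update are expected to be running.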
