High-level Windows Malware, Mylobot, Deploys Deadly Botnet Tactics

www.izoologic.com
  • A new Windows malware is adding systems to a botnet.
  • It takes absolute control of its victims and also delivers additional malicious payloads.
  • As far as the investigation goes, whoever authored the Mylobot malware campaign has to be a sophisticated and certainly capable hacker.

  • Mylobot is no amateur work. To understand why it stands out as more dangerous than its predecessors, consider what it comes equipped with:
      • Anti-sandboxing
      • Anti-VM and anti-debugging techniques
      • Encrypted resource files
      • Executing botnet processes externally using code injection
      • Ability to create a process and suspend it for hiding
      • Running EXE files directly from memory without having them on disk

  • While its origin and means of propagation are still unknown and being theorized, there are known facts about how it deals with its victims.
  • Once installed, Mylobot kills Windows Defender and Windows Update while blocking legitimate firewall ports.
  • Essentially, it adds its victims to a botnet (a network of internet-connected machines that an attacker can control simultaneously through a command server). The attacker can then do anything and everything to the victim's computer, depending on which payload the attacker decides to distribute.

Noteworthy payloads include DDoS attacks, theft of sensitive data, or even forceful seizure of assets via vicious ransomware.
  • Mylobot also, quite ambitiously, asserts dominance over other malware by eliminating its competition.
  • It scans the Application Data folder for other malware and immediately kills and deletes every discovered file that is currently running.
  • This is done to monopolize its control over a computer and to increase its botnet efficacy.

  • To make it more deadly, Mylobot sleeps for two weeks before making contact with its control server.
  • This sort of behavior is an effective way to bypass security solutions that do not go well beyond two weeks of targeted threat observation.
  • As much of a threat as Mylobot appears to be, and while recent research cannot provide a resounding fix just yet, there are a couple of ways we can undermine the said threat.
  • There is no better time than today to review and improve the ways we deal with botnets.
  • Both the Department of Homeland Security and the Department of Commerce keep reminding the public that we have botnet prevention programs that we are underutilizing or are not even aware of.
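
The two-week sleep described above defeats any observation window shorter than the sleep itself, so one defender-side heuristic is to compare when a binary was first seen running with when it first made an outbound connection. The following is an added example, not part of the original presentation; the event shape, field names and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the presentation). The event shape and
# field names are assumptions, e.g. normalised EDR or Sysmon-style records.
APP = r"C:\Users\a\AppData\Roaming\x\svc.exe"
EVENTS = [
    {"ts": "2018-06-01T09:00:00", "host": "ws-01", "type": "process_start", "image": APP},
    {"ts": "2018-06-05T08:30:00", "host": "ws-01", "type": "process_start", "image": APP},  # after reboot
    {"ts": "2018-06-15T09:03:00", "host": "ws-01", "type": "net_connect", "image": APP.upper()},
    {"ts": "2018-06-01T09:05:00", "host": "ws-01", "type": "process_start", "image": r"C:\Program Files\browser.exe"},
    {"ts": "2018-06-01T09:05:02", "host": "ws-01", "type": "net_connect", "image": r"C:\Program Files\browser.exe"},
    {"ts": "2018-06-02T10:00:00", "host": "ws-02", "type": "process_start", "image": r"C:\Tools\offline.exe"},
]


def dormant_then_beaconing(events, min_gap=timedelta(days=14)):
    """Return sorted (host, image, gap) for images whose first outbound
    connection came at least `min_gap` after they were first seen running."""
    first_seen = {"process_start": {}, "net_connect": {}}
    for ev in events:
        table = first_seen.get(ev["type"])
        if table is None:
            continue  # ignore event types this heuristic does not use
        key = (ev["host"], ev["image"].lower())  # Windows paths are case-insensitive
        ts = datetime.fromisoformat(ev["ts"])
        if key not in table or ts < table[key]:
            table[key] = ts  # keep the earliest timestamp; restarts do not reset it
    findings = []
    for key, started in first_seen["process_start"].items():
        connected = first_seen["net_connect"].get(key)
        if connected is None:
            continue  # no traffic yet: may still be inside its sleep window
        gap = connected - started
        if gap >= min_gap:
            findings.append((key[0], key[1], gap))
    return sorted(findings)


if __name__ == "__main__":
    for host, image, gap in dormant_then_beaconing(EVENTS):
        print(f"{host}: {image} first connected {gap} after first execution")
```

The heuristic only works when endpoint telemetry is retained for longer than the dormancy period. Software installed long before its first use will also match, so treat findings as triage leads.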

Contact Us
14 Hanover Street, W1S 1YH City of Westminster,
London UNITED KINGDOM
44 20 3734 2726
info_at_izoologic.com