Mylobot Malware Brings New Sophistication to Botnets

Cybercriminals looking to maximize their investments are using evermore sophisticated software techniques and increasingly aggressive steps against their fellow malware authors. Those are among the conclusions by researchers at Deep Instinct about a new strain of malware found within the last two months.

The new malware, dubbed Mylobot, pulls together a variety of techniques to gain a foothold and remain undiscovered. Among the strategies employed are:

  • Anti-VM techniques
  • Anti-sandbox techniques
  • Anti-debugging techniques
  • Wrapping internal parts with an encrypted resource file
  • Code injection
  • Process hollowing (a technique where an attacker creates a new process in a suspended state and replaces its image with the one that is to be hidden)
  • Reflective EXE (executing EXE files directly from memory, without having them on disk)
  • A 14-day delay before accessing its C&C servers.

“On a daily basis we come across dozens of highly sophisticated samples, but this one is a unique collection of highly advanced techniques,” says Arik Solomon, vice president of R&D at Deep Instinct. “Each of the techniques is known and used by a few malicious samples, but the combination is unique.”

Read more from Dark Reading

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply