Mylobot Malware Brings New Sophistication to Botnets
Cybercriminals looking to maximize their investments are using ever more sophisticated software techniques and taking increasingly aggressive steps against their fellow malware authors. Those are among the conclusions reached by researchers at Deep Instinct about a new strain of malware found within the last two months.
The new malware, dubbed Mylobot, pulls together a variety of techniques to gain a foothold and remain undiscovered. Among the strategies employed are:
- Anti-VM techniques
- Anti-sandbox techniques
- Anti-debugging techniques
- Wrapping internal parts with an encrypted resource file
- Code injection
- Process hollowing (a technique where an attacker creates a new process in a suspended state and replaces its image with the one that is to be hidden)
- Reflective EXE (executing EXE files directly from memory, without having them on disk)
- A 14-day delay before accessing its C&C servers
Though the researchers have been looking at Mylobot for several weeks, they aren’t yet ready to say who the author is. There are some clues, though, including the fact that Mylobot checks the keyboard layout of an infected machine and doesn’t execute if it finds an Asian character set and layout in use.
Read more: Dark Reading