Malware is a huge problem for computer users today as the threat posed by malicious software continues to increase. A new botnet was recently detected in a live environment for an unnamed client of Deep Instinct, a security firm.
The security firm says that the botnet, dubbed Mylobot, uses three different layers of evasion techniques. These techniques include contacting command and control servers to download the final payload. Deep Instinct says that the combination and complexity of the evasion techniques the botnet deploys have never been seen in the wild before.
One of these techniques, Reflective EXE, allows EXE files to be executed directly from memory without being written to disk. This technique, in particular, is why the botnet is so hard to trace. Mylobot also terminates and deletes instances of other malware on infected machines: it searches for specific folders that other botnets use and deletes them. Deep Instinct believes Mylobot deletes other malware to infect more computers and make more money for the person or persons operating the botnet.
Payloads can include ransomware and banking trojans among others. Ransomware is a common payload and has been distributed by botnets before. A full examination of the Mylobot botnet is ongoing and a research paper will be published by Deep Instinct in the future covering the botnet end-to-end.