Story image

Botnet activity spreading multi-purpose malware tools

05 Sep 2018

Cybercriminals who use botnets to conduct their attacks are shifting away from single-purpose malware and starting to focus on distributing malware that can be used for multiple purposes.

Kaspersky Lab researchers analysed 600,000 botnets around the world over the first half of 2018. It found more than 150 malware families, which comprised everything from banking Trojans to Remote Access Tools.

The report’s main findings indicate that the share of single-purpose malware has dropped significantly compared to the last half of 2017. Banking Trojans suffered the greatest drop between H2 2017 (22.46%) to just 13.25% in H1 2018.

Single-purpose malware known as spamming bots also dropped: from 18.93% in H2 2017 to 12.23% in H1 2018, indicating that botnets are distributing less of this particular type of malware.

Botnets were also less-often used to disturbed DDoS bots, as they also dropped from 2.66% in H2 2017 to 1.99% in H1 2018.

However, botnets are increasingly becoming carriers for Remote Access Tool (RAT) malware that is more flexible.

According to Kaspersky Labs, RATs can provide almost unlimited potential for exploiting an infected device.

In H1 2018, botnets distributed almost double the amount of RAT files than in H2 2017 – a jump from 6.55% to 12.22%.

The most common RAT tools include Njrat, DarkComet, and Nanocore. Because they are simple, amateur threat actors can adapt and use them for their own purposes.

“The reason why RATs and other multipurpose malware are taking the lead when it comes to botnets is obvious: botnet ownership costs a significant amount of money and in order to make a profit, criminals should be able to use each and every opportunity to get money out of malware,” comments Kaspersky Lab security expert Alexander Eremin.

“A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans. While this ability in itself allows botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other criminals.”

To reduce the risk of turning your devices into part of a botnet, users are advised to:

  • Patch the software on your PC as soon as security updates for the latest bugs uncovered are available. Unpatched devices can be exploited by cybercriminals and connected into a botnet.
  • Do not download pirated software and other illegal content, as these are often used to distribute malicious bots.  
  • Use internet security to prevent your computer being infected with any type of malware, including that used for the creation of botnets.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.