
Botnet activity spreading multi-purpose malware tools

05 Sep 2018

Cybercriminals who use botnets to conduct their attacks are shifting away from single-purpose malware and starting to focus on distributing malware that can be used for multiple purposes.

Kaspersky Lab researchers analysed 600,000 botnets around the world over the first half of 2018. They found more than 150 malware families, ranging from banking Trojans to Remote Access Tools.

The report’s main findings indicate that the share of single-purpose malware has dropped significantly compared to the second half of 2017. Banking Trojans suffered the greatest drop, from 22.46% in H2 2017 to just 13.25% in H1 2018.

Single-purpose malware known as spamming bots also dropped: from 18.93% in H2 2017 to 12.23% in H1 2018, indicating that botnets are distributing less of this particular type of malware.

Botnets were also less often used to distribute DDoS bots, whose share dropped from 2.66% in H2 2017 to 1.99% in H1 2018.

However, botnets are increasingly becoming carriers for Remote Access Tool (RAT) malware that is more flexible.

According to Kaspersky Lab, RATs give an attacker almost unlimited scope for exploiting an infected device.

In H1 2018, botnets distributed almost twice as many RAT files as in H2 2017 – a jump from 6.55% to 12.22%.

The most common RATs include Njrat, DarkComet and Nanocore. Because they are simple, even amateur threat actors can adapt them for their own purposes.

“The reason why RATs and other multipurpose malware are taking the lead when it comes to botnets is obvious: botnet ownership costs a significant amount of money and in order to make a profit, criminals should be able to use each and every opportunity to get money out of malware,” comments Kaspersky Lab security expert Alexander Eremin.

“A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans. While this ability in itself allows the botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other criminals.”

To reduce the risk of turning your devices into part of a botnet, users are advised to:

  • Patch the software on your PC as soon as security updates for newly discovered bugs are available. Unpatched devices can be exploited by cybercriminals and enrolled into a botnet.
  • Do not download pirated software or other illegal content, as these are often used to distribute malicious bots.
  • Use internet security software to prevent your computer being infected with any type of malware, including that used to build botnets.