sb-eu logo
Story image

Botnet activity spreading multi-purpose malware tools

05 Sep 2018

Cybercriminals who use botnets to conduct their attacks are shifting away from single-purpose malware and starting to focus on distributing malware that can be used for multiple purposes.

Kaspersky Lab researchers analysed 600,000 botnets around the world over the first half of 2018. It found more than 150 malware families, which comprised everything from banking Trojans to Remote Access Tools.

The report’s main findings indicate that the share of single-purpose malware has dropped significantly compared to the last half of 2017. Banking Trojans suffered the greatest drop between H2 2017 (22.46%) to just 13.25% in H1 2018.

Single-purpose malware known as spamming bots also dropped: from 18.93% in H2 2017 to 12.23% in H1 2018, indicating that botnets are distributing less of this particular type of malware.

Botnets were also less-often used to disturbed DDoS bots, as they also dropped from 2.66% in H2 2017 to 1.99% in H1 2018.

However, botnets are increasingly becoming carriers for Remote Access Tool (RAT) malware that is more flexible.

According to Kaspersky Labs, RATs can provide almost unlimited potential for exploiting an infected device.

In H1 2018, botnets distributed almost double the amount of RAT files than in H2 2017 – a jump from 6.55% to 12.22%.

The most common RAT tools include Njrat, DarkComet, and Nanocore. Because they are simple, amateur threat actors can adapt and use them for their own purposes.

“The reason why RATs and other multipurpose malware are taking the lead when it comes to botnets is obvious: botnet ownership costs a significant amount of money and in order to make a profit, criminals should be able to use each and every opportunity to get money out of malware,” comments Kaspersky Lab security expert Alexander Eremin.

“A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans. While this ability in itself allows botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other criminals.”

To reduce the risk of turning your devices into part of a botnet, users are advised to:

  • Patch the software on your PC as soon as security updates for the latest bugs uncovered are available. Unpatched devices can be exploited by cybercriminals and connected into a botnet.
  • Do not download pirated software and other illegal content, as these are often used to distribute malicious bots.  
  • Use internet security to prevent your computer being infected with any type of malware, including that used for the creation of botnets.
Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Shlayer malware proves Apple devices aren't as secure as you think
"Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity."More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More