Botnet activity spreading multi-purpose malware tools

05 Sep 18

Cybercriminals who use botnets to conduct their attacks are shifting away from single-purpose malware and starting to focus on distributing malware that can be used for multiple purposes.

Kaspersky Lab researchers analysed 600,000 botnets around the world over the first half of 2018. They found more than 150 malware families, which comprised everything from banking Trojans to Remote Access Tools.

The report’s main findings indicate that the share of single-purpose malware has dropped significantly compared to the second half of 2017. Banking Trojans suffered the greatest drop, from 22.46% in H2 2017 to just 13.25% in H1 2018.

Single-purpose malware known as spamming bots also dropped: from 18.93% in H2 2017 to 12.23% in H1 2018, indicating that botnets are distributing less of this particular type of malware.

Botnets were also used less often to distribute DDoS bots, whose share dropped from 2.66% in H2 2017 to 1.99% in H1 2018.

However, botnets are increasingly becoming carriers for Remote Access Tool (RAT) malware that is more flexible.

According to Kaspersky Lab, RATs can provide almost unlimited potential for exploiting an infected device.

In H1 2018, botnets distributed almost double the proportion of RAT files compared with H2 2017, a jump from 6.55% to 12.22%.

The most common RAT tools include njRAT, DarkComet, and NanoCore. Because they are simple, amateur threat actors can adapt and use them for their own purposes.

“The reason why RATs and other multipurpose malware are taking the lead when it comes to botnets is obvious: botnet ownership costs a significant amount of money and in order to make a profit, criminals should be able to use each and every opportunity to get money out of malware,” comments Kaspersky Lab security expert Alexander Eremin.

“A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans. While this ability in itself allows the botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other criminals.”

To reduce the risk of turning your devices into part of a botnet, users are advised to:

  • Patch the software on your PC as soon as security updates for the latest bugs uncovered are available. Unpatched devices can be exploited by cybercriminals and connected into a botnet.
  • Do not download pirated software and other illegal content, as these are often used to distribute malicious bots.
  • Use internet security to prevent your computer being infected with any type of malware, including that used for the creation of botnets.