‘Mylobot’ botnet now downloading second-stage malware meant to siphon data

A global botnet has been set up to spread malware that is now able to siphon data, according to a report from CenturyLink Threat Research Labs. CenturyLink first encountered the Mylobot botnet by looking at IPs that were interacting with its network.

In the research, CenturyLink observed DNS queries coming from a distinct group of IPs. Researchers determined that the domains being looked up were likely generated by an algorithm. The domains queried by the isolated IPs were made up of seven randomly chosen letters followed by the top-level domains .ru, .net and .com. The report stated that the Mylobot malware typically generates 60,372 DNS queries that stem from 1,404 domains and 43 subdomains.

Researchers found that Mylobot has the ability to appear inactive for 14 days before attempting to contact its command-and-control network, according to CenturyLink’s report. Since June, Mylobot has been observed downloading Khalesi, malware used to siphon data, as a second-stage attack for […]
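The lookup pattern described above can be hunted for in resolver logs. The following is an added example, not code from CenturyLink's report: the log format, the threshold and the sample lines are constructed, and because the page does not give the subdomain format, any single leading label is accepted.

```python
import re
from collections import defaultdict

# From the report: seven letters followed by .ru, .net or .com.
# Assumption: at most one subdomain label in front of the generated name.
DGA_RE = re.compile(r"^(?:[a-z0-9-]+\.)?([a-z]{7}\.(?:ru|net|com))\.?$")

# Assumed threshold. A single match proves nothing, since ordinary names
# such as example.com also have seven letters.
MIN_DISTINCT = 5

# Constructed sample in an assumed format: "<timestamp> <client_ip> <qname>"
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 192.0.2.10 a1.qkzvbtw.ru
2024-01-01T10:00:01Z 192.0.2.10 b2.qkzvbtw.ru
2024-01-01T10:00:02Z 192.0.2.10 xjhrmpl.com
2024-01-01T10:00:03Z 192.0.2.10 wvnqzdk.net
2024-01-01T10:00:04Z 192.0.2.10 bhtxkqj.ru
2024-01-01T10:00:05Z 192.0.2.10 a1.zpmwvqc.com
2024-01-01T10:00:06Z 192.0.2.20 example.com
2024-01-01T10:00:07Z 192.0.2.20 www.example.net
2024-01-01T10:00:08Z 192.0.2.20 mail.example.org
""".splitlines()


def suspicious_clients(lines, min_distinct=MIN_DISTINCT):
    """Return {client_ip: sorted distinct pattern-matching domains} for
    clients that looked up at least min_distinct such domains."""
    per_client = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        match = DGA_RE.match(qname.lower())
        if match:
            # Count the registered domain once, however many
            # subdomains of it the client queried.
            per_client[client].add(match.group(1))
    return {c: sorted(d) for c, d in per_client.items()
            if len(d) >= min_distinct}


if __name__ == "__main__":
    for client, domains in suspicious_clients(SAMPLE_LOG).items():
        print(client, len(domains), ", ".join(domains))
```

Counting distinct domains per client rather than raw queries keeps a host that repeatedly resolves one seven-letter name from being flagged.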

The post ‘Mylobot’ botnet now downloading second-stage malware meant to siphon data appeared first on Cyberscoop.
