Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Botnet activity in H1 2018: Multifunctional bots becoming more widespread

Kaspersky Lab researchers have published a report on botnet activity in the first half of 2018, analysing more than 150 malware families and their modifications circulating through 600,000 botnets around the world. One of the most remarkable things uncovered by the research was growing international demand for multifunctional malware that is not designed for specific purposes but is flexible enough to perform almost any task.

Botnets – nets of compromised devices used in criminal activity – are harnessed by criminals to spread malware and facilitate DDoS and spam attacks.

Using Kaspersky Lab’s Botnet Tracking technology, the company’s researchers continuously monitor botnet activity to prevent forthcoming attacks, or to nip a new type of banker Trojan in the bud.  The technology works by emulating a compromised device, trapping the commands received from threat actors that are using the botnets to distribute malware.  This provides the researchers with valuable malware samples and statistics.

Based on the results of recent research, in the first half of 2018 the share of single-purpose malware distributed through botnets dropped significantly in comparison to the second half of 2017. For example, in H2 2017, 22.46% of all unique malicious files distributed through the botnets monitored by Kaspersky Lab were banking Trojans, while in the first half of 2018, the share of bankers dropped by 9.21 percentage points – to 13.25% of all malicious files witnessed by the Botnet Tracking service.

The share of spamming bots – another type of single-purpose malicious software distributed through botnets – also decreased significantly: from 18.93% in H2 2017 to 12.23% in H1 2018. DDoS bots, yet another typical single-purpose malware, also dropped, from 2.66% in H2 2017 to 1.99% in H1 2018.

At the same time, the most distinctive growth was demonstrated by malware of a versatile nature, in particular Remote Access Tools (RAT) malware that provides almost unlimited opportunities for exploiting the infected PC. Since H1 2017, the share of RAT files found among the malware distributed by botnets almost doubled, rising from 6.55% to 12.22%. Njrat, DarkComet and Nanocore topped the list of the most widespread RATs. Due to their relatively simple structure, the three backdoors can be modified even by an amateur threat actor. This allows the malware to be adapted for distribution in a specific region.

Trojans, also used for a variety of purposes, did not demonstrate as much progress as RATs, but, unlike a lot of single-purpose malware, their share of detected files increased, rising from 32.89% in H2 2017 to 34.25% H1 2018. Just like the backdoors, one Trojan family can be modified and controlled by multiple command and control (C&C) servers, each with different purposes, for example, cyberespionage or the stealing of credentials.

“The reason why RATs and other multipurpose malware are taking the lead when it comes to botnets is obvious: botnet ownership costs a significant amount of money and in order to make a profit, criminals should be able to use each and every opportunity to get money out of malware. A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans. While this ability in itself allows botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other criminals,” said Alexander Eremin, security expert at Kaspersky Lab.

The only type of single-purpose malicious programs to demonstrate impressive growth within botnet networks were miners. Even though their per cent of registered files is not comparable to highly popular multifunctional malware, their share increased two-fold and this fits in the general trend of a malicious mining boom as seen earlier by our experts.

To reduce the risk of turning your devices into part of a botnet, users are advised to:

  • Patch the software on your PC as soon as security updates for the latest bugs uncovered are available. Unpatched devices can be exploited by cybercriminals and connected into a botnet.
  • Do not download pirated software and other illegal content, as these are often used to distribute malicious bots.
  • Use Kaspersky Internet Security to prevent your computer being infected with any type of malware, including that used for the creation of botnets.

Read the full version of the report on Securelist.com.