You always have to be careful which web pages you access or which files you download. Especially if we do not want our PC to end up infected by some type of malware. However, lately a botnet has spread out of control and already manages to infect up to 50,000 computers a day.
This type of attack is software that can take control of other computers remotely and autonomously. For this very reason, terms such as zombies or zombie army are often used to refer to the set of computers that have been infected by this type of application.
The MyloBot botnet
The main culprit that has already achieved the figure of 50,000 daily computers worldwide has been the botnet known under the name of MyloBot. In fact, it has compromised thousands and thousands of systems since its release.
Although it first appeared in 2017, it is now when it is at its peak. This type of malware was found to target Windows computers. However, it has not been until today when the focus has really been placed on this zombie virus. More than anything, because its main ability is to transform any infected system into a proxy.
Furthermore, it can download and execute any type of file after infecting a computer. This way, if the attacker controlling the zombie virus wants to, they could download another type of malware. In fact, upon analysis by cybersecurity researchers, the MyloBot botnet was found to have connections to a proxy service called BHProxies, indicating that machines that had been infected with this malware were being used by the latter proxy. Although, most of the reported cases have been in India, the United States, Indonesia and Iran.
How MyloBot works
Security experts know that this botnet actually uses a multi-stage sequence to unpack and run the bot malware. First of all, they have discovered that this zombie virus is completely inactive for 14 days. After that period of time, it starts trying to communicate with the command server. That is, it uses the Command and Control app, used by the Bot Master, which is used to communicate with all infected computers.
In addition, the main function of this botnet is to be able to establish a connection between the Bot Master and the infected computer. Therefore, once said connection between the two has been established, the attacker turns the PC that has been infected into a proxy server.
How can it infect your PC? Most of these attacks carried out through botnets use Trojans as their main tool. However, there are also other alternatives that have been used. For example, the procedure known as ‘phishing’ is also used. Basically, it consists of sending emails with this malware without the recipient of the email knowing about it. In general, the corporate image of different companies is used, such as a financial institution. That is why we must be careful with the emails we receive and the files we download.
