The botnet is an example of using good technologies for bad intentions. A botnet is nothing more than a string of connected computers coordinated together to perform a task. That can be maintaining a chatroom, or it can be taking control of your computer. Botnets are just one of the many perils out there on the Internet. Here’s how they work and how you can protect yourself.
Once the botnet’s owner is in control of your computer, they usually use your machine to carry out other nefarious tasks. Common tasks executed by botnets include:
- Using your machine’s power to assist in distributed denial-of-service (DDoS) attacks to shut down websites.
- Emailing spam out to millions of Internet users.
- Generating fake Internet traffic on a third-party website for financial gain.
- Replacing banner ads in your web browser with ones specifically targeted at you.
- Showing pop-up ads designed to get you to pay for the removal of the botnet through a phony anti-spyware package.
The short answer is that a botnet is hijacking your computer to do what botnets do — carry out mundane tasks — faster and better.
Necurs Botnet Pushing New Marap Malware
Security researchers from Proofpoint have discovered a new malware strain that they named Marap and which is currently distributed via massive waves of spam emails carrying malicious attachments (malspam).
The malware is neither a banking trojan, a remote access trojan (RAT), nor ransomware, but a malware downloader (also referred to as a malware loader or malware dropper).
Marap is a slim malware strain that infects victims, fingerprints their systems, and sends this information back to a central command & control (C&C) server.
Marap distributed via Necurs-like spam campaigns
Currently, the malware is in a build-up stage, in which malspam campaigns are helping it build a base of infected users.
Proofpoint says these malspam campaigns “shared many features with previous campaigns attributed to the TA505 actor.”
The TA505 actor is Proofpoint’s internal name for Necurs, the world’s largest spam botnet, which in recent years has been behind campaigns distributing some of the most widespread malware threats, such as the Dridex banking trojan, and the Locky and Jaff ransomware families.
This massive botnet has been relatively quiet since the start of the year, being involved in many low-volume malspam campaigns, and only recently began returning to larger distribution pushes.
Marap downloader still in its infancy
As for the malspam campaigns pushing the new Marap downloader, Proofpoint says it’s seen various versions. Researchers have seen campaigns leveraging .IQY files, PDF documents with embedded IQY files, password-protected ZIP archives, and the classic Word docs with embedded macros.
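The delivery formats listed above can be recognised statically during mail triage. The sketch below is an added example, not code from Proofpoint or from the original article; the function name, the finding labels and the heuristics are assumptions, and an empty result is not a clean verdict.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name in OLE directory

def triage_attachment(name: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means no rule matched."""
    findings = []
    head = data[:4096].lstrip(b"\xef\xbb\xbf \t\r\n")
    lines = [l.strip() for l in head.decode("latin-1").splitlines()]

    # .iqy web query: plain text, first line "WEB", then a version line and
    # the URL Excel would fetch on open. Report that URL for blocklisting.
    if name.lower().endswith(".iqy") or (lines and lines[0].upper() == "WEB"):
        url = next((l for l in lines
                    if l.lower().startswith(("http://", "https://"))), "no-url")
        findings.append("iqy-web-query:" + url)

    # PDF carrying an attachment. Compressed object streams can hide the
    # /EmbeddedFile name, so this is a lower bound.
    if b"%PDF-" in data[:1024] and b"/EmbeddedFile" in data:
        findings.append("pdf-embedded-file")

    # ZIP family: password-protected archives and macro-enabled OOXML documents.
    if data[:4] == b"PK\x03\x04":
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).infolist()
        except zipfile.BadZipFile:
            members = []
            findings.append("zip-malformed")
        if any(m.flag_bits & 0x1 for m in members):   # bit 0 = encrypted entry
            findings.append("zip-encrypted")
        if any(m.filename.lower().endswith("vbaproject.bin") for m in members):
            findings.append("ooxml-vba-macros")

    # Legacy Office (OLE2) document with a VBA project stream (heuristic).
    if data.startswith(OLE_MAGIC) and VBA_STREAM in data:
        findings.append("ole-vba-macros")
    return findings
```

A password-protected archive cannot be scanned by the gateway, so `zip-encrypted` is best treated as a reason to quarantine or strip the attachment rather than as a detection of Marap itself.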
As for Marap itself, researchers also said the malware contains basic features to detect virtual machines used for malware analysis, but they don’t appear as complicated as other techniques used by more established trojans.
Marap’s emergence is no surprise. In the past year, as ransomware distribution has died down, malicious threat actors have returned to distributing banking trojans or have shifted to distributing cryptocurrency mining trojans or malware downloaders.