Vigilante Botnet Infects Computers to Remove Cryptocurrency Malware
A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform a distributed denial-of-service attack, steal data, send spam, and allows the attacker to access the device and its connection. Botnets have becoming a promisingly powerful over the past few years and have been used as a mean to cause disruption and giving rise to cyber crime.
Botnets are the group of hundreds or thousands of internet-connected devices which are used for many cyber crime related activities or internet based attacks such as send spam messages or to launch distributed denial-of-service (DDoS) attacks, crashing online services. From the last years reports it can be determined how cryptojacking software designed to siphon CPU power for and use it to secretly mine crypto for the malware owners.
A renowned botnet ‘Mirai‘ hijacked IoT devices to mine Bitcoin even when the IoT devices are considered to be extremely ineffective individually. Mirai is know to be most proliferate malware that infected thousands of devices in a short span of time and sucking small profit out of them. While the botnets are famously malicious, one botnet seems to take a different route by forcing its way into user computers without to infect them with crypto antivirus software.
A report from Netlab, a security reasearch firm, shows a malware dubbed as ‘Fbot’, is designed to mine cryptocurrencies.
The report says there are few interesting facts about the new botnet:
- First, is that the only purpose of this botnet is the elimination of another botnet com.ufo.miner.
- Second, the bot does not use traditional DNS to communicate with the C2, instead, it utilizes block-chain DNS to resolve the non-stand C2 name musl.lib.
- Third, this bot appears to have strong links to the original satori botnet.”
The botnet cleanses the ‘infected’ computers from the cryptojacking malware and does not seem to leave a trace behind it which tends to make others believe that it was designed to do that specific task only.
It is quite possible that there are more to the software that is to be discovered yet or maybe the removal of another botnet is to make the room for its own and start another phase of the larger plan. The operation of this botnet requires time and effort along with funding which implants more suspense as its output is puny.
The botnet have proved to be worth to be under surveillance.