A botnet active since May 2019 was recently identified by ESET, a Slovakia-based cybersecurity company. In a press release issued last week, ESET claimed that the botnet has infected more than 35 thousand computers around the world. The botnet was dubbed VictoryGate.
Understanding the botnet
The word BOTNET is formed from two words, Robot and Internet. According to Wikipedia, a botnet is “a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g. to send spam.” These infected computers work together and are controlled by a single person or group, known as a botmaster. A botmaster can use the botnet to carry out several different kinds of attacks, such as DDoS (distributed denial of service). The important point about a botnet is that a victim may not even know that their computer is part of one. Downloading files from the internet, especially from suspicious sites, makes you more vulnerable to such an incident.
The attack explained
According to the press release, the attackers used removable devices to infect PCs with the malware; the most commonly used device was a USB drive. The culprits fooled victims by getting a prepared USB drive attached to their systems. The drive appeared to contain all the files the user expected, with exactly the same names and icons, and that is how it gained the victim's trust. As soon as the victim tried to open a file, two things were opened: first, the file the user actually intended to open, and second, a file carrying the malicious payload. The newly installed malware then used the system's processing power to carry out illicit operations for its masters. The victim would not have the slightest idea that the system was infected and part of a botnet.
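As a defensive check for the lure just described, here is an added Python example (not code from the article or from ESET) that scans a drive for executables or shortcuts that mimic documents sitting in the same folder. The article does not say how VictoryGate laid out its files, so the two pairings the scanner looks for, a double extension such as Invoice.pdf.exe and a same-stem shortcut such as photo.lnk, are assumptions, and the sample drive it builds is constructed.

```python
"""Scan a removable drive for the lure pattern described above: a second file
that shares the name (and icon) of a document the user expects to find.
Added example, not ESET's code. The article does not say how VictoryGate
laid out its files, so the pairings checked here (document name plus an
executable extension, or a shortcut with the same stem) are assumptions."""
import os
import shutil
import tempfile
from pathlib import Path

# File types Windows runs on double-click (assumption: the payload is one of these).
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# File types a user would expect to open as ordinary documents.
DOCUMENT_SUFFIXES = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                     ".jpg", ".png", ".txt"}


def find_decoy_pairs(root):
    """Return sorted (document, mimic) pairs, as paths relative to root, where an
    executable or shortcut mimics a document in the same folder, e.g.
    "Invoice.pdf" beside "Invoice.pdf.exe" or "photo.jpg" beside "photo.lnk".
    Names are compared case-insensitively because Windows file systems are."""
    root = Path(root)
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        by_lower = {f.lower(): f for f in files}
        for name in files:
            lname = name.lower()
            if Path(lname).suffix not in DOCUMENT_SUFFIXES:
                continue
            stem = Path(lname).stem
            for ext in EXECUTABLE_SUFFIXES:
                # Double extension ("x.pdf.exe", shown as "x.pdf" when Windows
                # hides known extensions) or same stem ("x.exe", "x.lnk").
                for twin in (lname + ext, stem + ext):
                    if twin in by_lower and twin != lname:
                        doc = (folder / name).relative_to(root).as_posix()
                        mimic = (folder / by_lower[twin]).relative_to(root).as_posix()
                        findings.add((doc, mimic))
    return sorted(findings)


def build_sample_drive():
    """Create a constructed directory tree imitating a prepared drive:
    two decoy pairs at the top level, one in a subfolder, one clean file."""
    root = Path(tempfile.mkdtemp(prefix="usb_sample_"))
    (root / "docs").mkdir()
    for rel in ["Invoice.PDF", "Invoice.PDF.exe", "photo.jpg", "photo.lnk",
                "notes.txt", "docs/readme.txt", "docs/readme.scr"]:
        (root / rel).write_bytes(b"")
    return root


def scan_sample_drive():
    """Build the constructed drive, scan it, and clean up."""
    root = build_sample_drive()
    try:
        return find_decoy_pairs(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for doc, mimic in scan_sample_drive():
        print(f"{doc!r} is shadowed by {mimic!r}")
```

On a real drive, call find_decoy_pairs with the mount point (for example "E:\\" on Windows). Windows hides known file extensions by default, which is why a double extension displays as the document's own name; on Windows a natural addition is to also flag pairs where the genuine document carries the hidden attribute and only the mimic is visible.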
The need for a botnet
We have all heard about the sudden surge in cryptocurrency valuations. Many people have started mining cryptocurrencies in the hope of getting rich quickly without leaving their house. But cryptocurrency mining requires very powerful computers with high-end processing power, and to obtain it people also connect multiple systems together and combine their processing capabilities. Not everyone has access to such capable PCs, so the culprits turn to unethical measures like creating a botnet. A botnet lets the attacker harness the processing power of every system in it, and that combined power can then be used for mining.
How to identify infected PCs?
Since the attack was carried out using physical USB drives, its spread was limited to specific regions of Latin America. According to the press release, more than 90% of infected devices are in Peru. Because the malware used the system's processing power, the CPU load of infected devices was constantly between 90% and 99%. Running a system constantly under such high load can also physically harm the device; common symptoms after infection include overheating and screen freezes. The press release reported that the victims spanned both the public and private sectors, and that some financial institutions were also infected through this USB drive.
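The constant 90% to 99% load is the symptom a defender can actually measure. The added Python example below (not ESET's tooling) turns it into a detection rule over periodic CPU readings: a sliding run of consecutive readings at or above 90% must last for a minimum number of samples before it alerts, so a short legitimate burst does not trigger, and each alert is attributed to the process that consumed the most CPU over the run. The readings, the 10-second sampling interval and the process names are all constructed for the example.

```python
"""Detect the symptom the article describes, CPU load pinned at 90-99% around
the clock, from a series of periodic readings. Added example, not ESET's
tooling; the readings below are constructed and the process names are made up."""

HIGH_LOAD = 90.0     # percent; the lower bound of the load reported in the article
MIN_SUSTAINED = 6    # consecutive readings above HIGH_LOAD before we alert
                     # (assumption: one reading every 10 s, so one minute)

# (total CPU %, {process name: CPU %}) once every 10 s; constructed sample.
SAMPLES = [
    (11.0, {"explorer.exe": 3.0, "chrome.exe": 6.0}),
    (14.0, {"explorer.exe": 4.0, "chrome.exe": 8.0}),
    (96.0, {"chrome.exe": 90.0, "explorer.exe": 3.0}),   # one-off burst, ignored
    (13.0, {"explorer.exe": 3.0, "chrome.exe": 7.0}),
    (93.0, {"updater.exe": 88.0, "chrome.exe": 3.0}),    # start of sustained load
    (97.0, {"updater.exe": 92.0, "chrome.exe": 3.0}),
    (99.0, {"updater.exe": 95.0, "chrome.exe": 2.0}),
    (95.0, {"updater.exe": 91.0, "chrome.exe": 2.0}),
    (96.0, {"updater.exe": 92.0, "chrome.exe": 2.0}),
    (98.0, {"updater.exe": 94.0, "chrome.exe": 2.0}),
    (94.0, {"updater.exe": 90.0, "chrome.exe": 2.0}),
    (96.0, {"updater.exe": 92.0, "chrome.exe": 2.0}),
    (12.0, {"explorer.exe": 3.0, "chrome.exe": 6.0}),
]


def _close_run(samples, start, end, min_run):
    """Summarise samples[start..end] if the run is long enough, else None."""
    if start is None or end - start + 1 < min_run:
        return None
    window = samples[start:end + 1]
    mean_total = sum(total for total, _ in window) / len(window)
    # Attribute the run to the process that consumed the most CPU over it.
    per_process = {}
    for _, procs in window:
        for name, pct in procs.items():
            per_process[name] = per_process.get(name, 0.0) + pct
    top = max(per_process, key=per_process.get)
    return {"start": start, "end": end, "mean_load": round(mean_total, 1),
            "top_process": top}


def find_sustained_runs(samples, threshold=HIGH_LOAD, min_run=MIN_SUSTAINED):
    """Return one record per run of at least min_run consecutive readings at or
    above threshold. Short bursts (a game, a compile) never reach min_run and
    are ignored; a run still in progress at the last reading is reported too."""
    runs, start = [], None
    for i, (total, _) in enumerate(samples):
        if total >= threshold:
            if start is None:
                start = i
        elif start is not None:
            rec = _close_run(samples, start, i - 1, min_run)
            if rec:
                runs.append(rec)
            start = None
    rec = _close_run(samples, start, len(samples) - 1, min_run)
    if rec:
        runs.append(rec)
    return runs


if __name__ == "__main__":
    for run in find_sustained_runs(SAMPLES):
        print(f"readings {run['start']}-{run['end']}: mean load {run['mean_load']}% "
              f"dominated by {run['top_process']}")
```

On a live host the SAMPLES list would be fed from a periodic collector (psutil on Windows or Linux, for instance); the threshold and minimum run length are the knobs to tune against the machine's normal workload, since a build server or a gaming PC legitimately sits near 100% for a while.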
ESET to the rescue
The VictoryGate botnet was infecting PCs to mine the Monero cryptocurrency without the user's consent. ESET claims to have taken down half of the botnet by going after the botnet's command and control (C&C) server. C&C servers are centralized machines that send commands to, and receive output from, the machines that make up a botnet. After taking down the server, they replaced it with a sinkhole, a fake server of their own, which was then used to monitor and control the infected hosts. Based on this, they were able to conclude that an average of 2000 computers per day were being used for mining.
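The daily figure comes from counting the hosts that keep checking in with the sinkhole once it has taken the C&C server's place. The added Python example below (not ESET's code) shows that aggregation over a constructed sinkhole access log: it parses each line, drops lines that do not match the expected format, counts distinct client addresses per day and averages them. The log format, the lines themselves and the addresses (taken from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges) are all constructed for the example.

```python
"""Count infected hosts from a sinkhole's access log, the way the article says
ESET estimated about 2000 mining machines per day after replacing the C&C
server. Added example, not ESET's code; the log format and the lines below are
constructed (addresses are from the 203.0.113.0/24 and 198.51.100.0/24
documentation ranges), and unparsable lines are skipped rather than counted."""
import re
from collections import defaultdict

# Constructed sinkhole log: "<ISO timestamp> <client address> <request>".
SAMPLE_LOG = """\
2020-04-20T00:03:11Z 203.0.113.7 GET /check
2020-04-20T00:03:40Z 203.0.113.9 GET /check
2020-04-20T06:10:02Z 203.0.113.7 GET /check
2020-04-20T13:44:59Z 198.51.100.21 GET /check
this line is corrupt and must not be counted
2020-04-21T01:00:00Z 203.0.113.7 GET /check
2020-04-21T02:00:00Z 198.51.100.22 GET /check
2020-04-21T02:00:30Z 198.51.100.22 GET /check
2020-04-22T09:09:09Z 203.0.113.10 GET /check
""".splitlines()

# Day, then an IPv4 address; anything else is treated as noise.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})T\d{2}:\d{2}:\d{2}Z (\d{1,3}(?:\.\d{1,3}){3}) ")


def parse_beacons(lines):
    """Yield (day, client_ip) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def hosts_per_day(lines):
    """Map each day to the number of distinct client addresses seen that day.
    Repeated check-ins from one host count once."""
    seen = defaultdict(set)
    for day, ip in parse_beacons(lines):
        seen[day].add(ip)
    return {day: len(ips) for day, ips in sorted(seen.items())}


def average_daily_hosts(lines):
    """Mean number of distinct hosts per day over the days present in the log."""
    per_day = hosts_per_day(lines)
    return sum(per_day.values()) / len(per_day) if per_day else 0.0


def total_distinct_hosts(lines):
    """Distinct client addresses across the whole log."""
    return len({ip for _, ip in parse_beacons(lines)})


if __name__ == "__main__":
    for day, count in hosts_per_day(SAMPLE_LOG).items():
        print(f"{day}: {count} hosts")
    print(f"average per day: {average_daily_hosts(SAMPLE_LOG):.1f}, "
          f"distinct overall: {total_distinct_hosts(SAMPLE_LOG)}")
```

Distinct addresses are a lower bound rather than a machine count: several infected PCs behind one NAT gateway collapse into a single address, and a host whose address changes during the day is counted twice, which is why sinkhole operators usually prefer a per-host identifier from the beacon itself when the malware sends one.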
How to safeguard yourself
The first step to protect yourself from such an attack is to avoid using any unauthorized or suspicious USB drives. Second, keep your antivirus updated; most of today's antivirus products can detect viruses, trojans, and other malware. Also avoid using browser extensions for cryptocurrency, as Google has recently reported several such extensions as malicious.