WMGroomAK

FBot, malware botnet killing malware crypto botnets?


An interesting security report was recently released concerning a new botnet being labelled as Fbot that appears to be targeting a separate botnet for removal. According to a report from security firm Netlab, this botnet is a variant of the ADBminer software that appears to only have the purpose of seeking out and removing the com.ufo.miner botnet and may have links to the original Satori botnet.

 

https://www.ccn.com/vigilante-botnet-infects-computers-to-remove-cryptocurrency-malware/

Quote

Botnets consist of dozens, hundreds, or even thousands of internet-connected devices which are then used to send spam messages en masse or to launch distributed denial-of-service (DDoS) attacks, crashing online services. CCN has reported before on how botnets infected millions of computers last year with cryptojacking software designed to siphon CPU power and use it to secretly mine crypto for the malware owners.

 

A particularly notorious botnet called ‘Mirai’ famously hijacked IoT devices to mine Bitcoin – while IoT devices are individually extremely ineffective, Mirai is a particularly virulent piece of malware that infected thousands of devices in a short space of time to take small profits from all of them. While the term botnet understandably carries a malicious connotation, one botnet seems to be breaking the mold and is seemingly forcing its way into user computers without to infect them – with crypto antivirus software.

 

Security research firm Netlab released a report describing the malware which they have dubbed ‘Fbot’, a variant of the legitimate ADBminer software designed to mine cryptocurrencies.

“There are 3 interesting aspects about this new botnet:

  • First, so far the only purpose of this botnet looks to be just going after and removing another botnet com.ufo.miner.
  • Second, the bot does not use traditional DNS to communicate with the C2, instead, it utilizes block-chain DNS to resolve the non-stand C2 name musl.lib. (see below for details)
  • Third, this bot appears to have strong links to the original satori botnet.”

The botnet cleanses the ‘infected’ computers of the notoriously widespread cryptojacking malware and so far doesn’t seem to be leaving anything behind in its place, leading some to believe that the botnet may even be designed with that single benign purpose in mind.

 

However, it’s possible that there’s more to the software than meets the eye, or that it’s simply the first phase of a larger plan. The botnet could potentially be clearing competing crypto-malware only to pave the way for a fresh wave of attacks of its own, systematically eliminating the competition. Botnets take time, effort, and funding to operate which makes it hard to believe that an anonymous botnet could be working out there simply to help people.

 

I'm left to wonder if this is a legitimate attempt to have a botnet clean up another botnet's mess or is it merely establishing itself and waiting for future deployment potential. Would be nice if it's just the former, but hard to trust. It is kind of interesting though that someone is using a botnet to kill another botnet.

 

Netlab report: https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
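
Added example, not part of the original post or the Netlab report: the quoted report says the bot resolves its C2 name musl.lib through blockchain DNS rather than traditional DNS, so one defensive check is to flag clients that query names whose TLD is outside the IANA root zone. The dnsmasq-style log format, the function name `non_icann_queries`, the shortened TLD set and every sample line except the name musl.lib are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Assumption: a tiny subset of the IANA root-zone TLD list, for illustration.
# In production, load the full published list and refresh it regularly.
IANA_TLDS = {"com", "net", "org", "io", "arpa"}
# Private-network suffixes: not public TLDs, but not blockchain DNS either.
LOCAL_SUFFIXES = {"local", "lan", "internal", "localhost"}

# dnsmasq-style query line: "... query[A] <name> from <client-ip>"
QUERY_RE = re.compile(r"query\[[A-Z0-9]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

def non_icann_queries(lines, iana_tlds=IANA_TLDS, local=LOCAL_SUFFIXES):
    """Map each client to the sorted names it queried outside the IANA root zone."""
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies, forwards and malformed lines
        name = m.group("name").rstrip(".").lower()  # normalise FQDN dot and case
        labels = name.split(".")
        if len(labels) < 2:
            continue  # single-label names are a separate hygiene issue
        if labels[-1] in iana_tlds or labels[-1] in local:
            continue
        hits[m.group("client")].add(name)
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample log; only the name musl.lib comes from the quoted report.
SAMPLE_LOG = [
    "Sep 19 10:01:02 dnsmasq[411]: query[A] www.example.com from 192.168.1.10",
    "Sep 19 10:01:03 dnsmasq[411]: forwarded www.example.com to 192.0.2.53",
    "Sep 19 10:01:05 dnsmasq[411]: query[A] musl.lib from 192.168.1.23",
    "Sep 19 10:01:06 dnsmasq[411]: query[A] MUSL.LIB. from 192.168.1.23",
    "Sep 19 10:01:09 dnsmasq[411]: query[A] printer.local from 192.168.1.10",
    "Sep 19 10:01:11 dnsmasq[411]: query[PTR] 10.1.168.192.in-addr.arpa from 192.168.1.10",
]

if __name__ == "__main__":
    for client, names in non_icann_queries(SAMPLE_LOG).items():
        print(f"{client} queried non-ICANN names: {', '.join(names)}")
```

A name under a TLD that is not in the root zone cannot resolve through the ordinary DNS hierarchy, so a device that keeps asking for one is worth a closer look.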


There was a guy who was doing something like this a while ago - hacking into hacked IoT devices to clean or shut them down - so it's not impossible to imagine this could be altruistic at heart as well, but yeah, you never know for sure, and even if it is, the ends may not necessarily justify the means, depending how it works.

1 hour ago, schwellmo92 said:

I used to be in the black hat scene many many years ago and killing off competing malware was quite common, you end up with a better quality host if you’re the only one commanding the host.

Stop lying bruh. 

4 hours ago, DaPhuc said:

Stop lying bruh. 

What do I have to gain by lying? When I was a child (<18) I was a black hat (script kiddie). Killing off competing malware was beneficial because you don't have to compete for network (in the case of DDOS attacks) or CPU/GPU (in the case of miners), and then when you are stealing license keys, financial information and accounts you don't have others also leeching that same information.


That's a pretty interesting story, and really makes me wonder if we are starting to see a botnet war starting perhaps 


7 minutes ago, Bananasplit_00 said:

That's a pretty interesting story, and really makes me wonder if we are starting to see a botnet war starting perhaps 

The Skynet is mobilizing......

 

2 hours ago, schwellmo92 said:

What do I have to gain by lying? When I was a child (<18) I was a black hat (script kiddie). Killing off competing malware was beneficial because you don't have to compete for network (in the case of DDOS attacks) or CPU/GPU (in the case of miners), and then when you are stealing license keys, financial information and accounts you don't have others also leeching that same information.

I need good evidence for that bruh. Anyone can claim that they are a black hat, but without good evidence I won't buy it. 

24 minutes ago, DaPhuc said:

I need good evidence for that bruh. Anyone can claim that they are a black hat, but without good evidence I won't buy it. 

It's usually not a smart thing to prove these kinds of actions, so don't expect them, listen and believe :P

37 minutes ago, cj09beira said:

It's usually not a smart thing to prove these kinds of actions, so don't expect them, listen and believe :P

"hur dur here's proof I did lots of illegal stuff to prove I have a large penis"


38 minutes ago, cj09beira said:

It's usually not a smart thing to prove these kinds of actions, so don't expect them, listen and believe :P

Ain't going to buy unless evidence is provided. 

15 hours ago, Arika S said:

can someone ELI5 for me?

A computer controlling virus is using its computer controlling power to fight crypto mining viruses on the computers it infects 

 

It's weird, kinda like getting a rash, but that rash cured your flu 

 


On 9/19/2018 at 11:26 AM, DaPhuc said:

Stop lying bruh. 

Dude, if it's not him it's someone else in this thread who was, law of averages says that when you have so many tech enthusiasts gather on one site at least a few of them are likely to have been part of some untoward digital activity. There is literally no point in trying to argue he isn't unless he has specifically said something that illustrates he made it up, like the guy in the other thread who said he was a professional who used vs code for debugging but didn't know it was from MS.

