76 views
0

WHY THIS MATTERS IN BRIEF

Cyber attacks are getting out of control, but evolving, roving “good samaritan” forms of malware could become the new cops of the internet and the future of cybersecurity.

 

Security researchers have discovered a very odd new botnet that, rather than posing a threat, seems to be seeking out and destroying other malicious malware, in this case a specific type of crypto-mining malware. In short it’s the first “good samaritan,” if we can call it that, of its kind and it shows how the war against cyberattacks might not always be as one sided we think, despite the early appearance last year of another first of a kind malware, a AI fuelled self-learning malware that evaded detection for months because it learnt and then mimicked the behaviours of the systems it had infected. Furthermore, if the future forms of this malware are able to evolve then they could eventually police the internet on our behalf, protecting it from cyber attacks in the same way that the human body’s antibodies attack disease – a new for of internet “immune system” that’s also been posited by DarkTrace the revolutionary UK cyber security company.

 

RELATED
Physicists just turned a non superconductive material into a superconductor

 

Called Fbot the new type of malware is a variant of another one called Satori, which is in turn itself is based on the now infamous Mirai malware variant – a program that was used a couple of years ago to devastating effect and took down chunks of the US and European internet by executing huge DDoS attacks against the internets critical infrastructure.

Unusually in Fbot the DDoS module seems to have been deactivated and instead Fbot searches for devices infected with a specific crypto-jacking malware and replaces it in the system, the report says.

Discovered by the team at Qihoo 360Netlab, the variant seeks out a malware form dubbed com.ufo.miner – a variant of Android-based monero miner ADB.Miner.

Distributing itself by searching for devices with a specific open port, the botnet then uses a script to uninstall com.ufo.miner, if found. Fbot is programmed to scan and propagate, install itself over the malware and ultimately self-destruct, the researchers say.

Also unusually, the botnet code is linked to a domain name accessible, not through a standard domain name system (DNS), but a decentralized alternative called EmerDNS that makes addresses harder to trace and shut down.

 

RELATED
US Designates Election Infrastructure as 'Critical'

 

“The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet,” said the researchers.

It is not yet clear if Fbot has been set up by someone with good intentions or by a rival crypto-jacker seeking to remove the competition though, but obviously many are hoping it’s the former.

The prevalence of crypto mining malware has shot up in the last year, according to various security teams, and has been found globally on systems owned by enterprises and governments alike, as well as individuals. In fact so much so that the other crybercrime tool of choice, ransomware, has now taken a back seat. Indeed, IT security firm Trend Micro reported in late August, crypto-jacking attacks spiked by 956 percent from the first half of 2017 to the first half of 2018, and among current initiatives to counter the rising threat, Firefox said in August that its browsers will soon automatically block crypto mining malware scripts with the Opera browser launching similar protection for mobile devices in January.

And as for Fbot, well, it might very well be the only piece of malware on Earth, for now atleast, that cybersecurity researchers suggest you download on purpose.

About author

Matthew Griffin

Matthew Griffin, award winning Futurist and Founder of the 311 Institute, a global futures think tank working between the dates of 2020 and 2070, is described as "The Adviser behind the Advisers." Regularly featured on AP, CNBC, Discovery and RT, his ability to identify, track, and explain the impacts of hundreds of revolutionary emerging technologies on global culture, industry and society, is unparalleled. Recognised for the past five years as one of the world's foremost futurists, innovation and strategy experts Matthew is an international speaker who helps governments, investors, multi-nationals and regulators around the world envision, build and lead an inclusive future. A rare talent Matthew sits on the Technology and Innovation Committee (TIAC) for Centrica, Europe’s largest utility company, and his recent work includes mentoring XPrize teams, building the first generation of biocomputers and re-inventing global education, and helping the world’s largest manufacturers envision, design and build the next 20 years of devices, smartphones and intelligent machines. Matthew's clients are the who’s who of industry and include Accenture, Bain & Co, BCG, BOA, Blackrock, Bentley, Credit Suisse, Dell EMC, Dentons, Deloitte, Du Pont, E&Y, HPE, Huawei, JPMorgan Chase, KPMG, McKinsey, PWC, Qualcomm, SAP, Samsung, Sopra Steria, UBS, the USAF and many others.

Your email address will not be published. Required fields are marked *