If infected with this new virus, your chances of data recovery are 0%
Computer viruses and worms were once common malicious agents for a while, but now make way for more sophisticated and diverse threats, including real-world cryptocurrency mining tools. Legal, Trojans, ransomware and sophisticated monitoring software designed to infiltrate mobile devices.
However, when the virus reappears, it will be extremely scary. This is true for KBOT, a new virus discovered by researchers from the Kaspersky team.
KBOT can be spread via Internet access systems, local area networks and removable hard drives. When a system is infected, the virus will write itself to the Startup and Task Scheduler, spreading to all .exe files on the system and shared network folders in its path.
During a scan of the system's drives, the virus attaches polymorphic code to the .exe files and the override function of the IWbemObjectSink interface, a basic feature of the Win32 application. In addition, KBOT can also identify all connections between drives and use the NetServerEnum and NetShareEnum API functions to access links to other network resources to spread malware.
More dangerous, KBOT uses a variety of sophisticated tools and techniques to conceal its operations, including RC4 chain encryption, scanning antivirus software-related DLLs to disable them and inject code. into valid running processes.
Not only does it interfere with the .exe files, the malware tries to steal the victim's personal data, which may include the login information used to access financial services and online banking. gland. Using fake websites is KBOT's preferred method and to do so, the virus interferes with the browser code, as well as the code of the system functions that handle traffic.
Of course, before stealing the victim's data, the virus will have to establish a link to its command and control server (C2), in which the associated domain names are stored in hosts.ini. The configuration and connection parameters C2 are encrypted and will send bot IDs, computer names, operating systems and local user data lists as well as security software that they have installed on the system.
C2 commands include deleting and updating files, instructions for updating bot modules, or performing self-destruction. In addition, KBOT can also download additional malware modules that collect user data including login information, files, system information and data related to cryptocurrency wallets.
With all the above characteristics, KBOT is considered a new extremely dangerous computer virus. Global cybersecurity experts are closely monitoring malicious code and response plans will be launched soon.
You should read it
- Network security 2009: Disturbing computer virus problems
- This is the person who created the world's first computer virus
- What to do to handle 'No Internet After Malware Removal' error?
- There are nearly 3,000 new strains of computer viruses in Vietnam
- How to identify computers infected with viruses with 10 characteristic signs
- How to remove viruses in USB drives, memory cards, computers
- Difference between Virus, Spyware and Malware
- 3 ways to identify a Mac infected with a virus
- Virus destroys data that is spreading in Vietnam
- 17 clear signs that your computer has been attacked by a virus
- Skype is being attacked by Dorkbot worm
- 9 things to do when detecting a computer infected with malware
Maybe you are interested
Why should I scan for viruses regularly?
Change these 5 settings to speed up your antivirus software!
Cancer treatment with virus, a new breakthrough in medicine?
How to prevent stomach viruses after exposure
7 Best Free Antivirus Software for Mac
Kaspersky antivirus software suddenly disappears from Google Play Store