A previously unknown botnet campaign, named Jaku (or JAKU), has been investigated by researchers at Forcepoint Security Labs. The botnet has affected more than 19,000 computers, enrolling them in its zombie network.
Interestingly, most of the victims appear to be located in Asian countries, specifically Japan and South Korea. 73% of Jaku’s infections are located in those regions. Nonetheless, 134 other countries have also been targeted by Jaku.
Because of its rapid growth and infection rates, Forcepoint’s research indicates that Jaku is more resilient than other known botnets.
Jaku Botnet: Technical Overview
Whoever is controlling the botnet is using multiple command & control servers, situated in the Asia-Pacific region. The group’s stealthy techniques include:
- Three different command & control structures
- Obfuscation techniques (obfuscated SQLite databases)
Jaku Botnet: Campaigns
The botnet is primarily used to deliver spam and launch DDoS attacks. In some cases, Jaku can be used to deliver malware, too. When the attack includes a malware-delivery stage, steganography is used to hide malicious code inside image files.
In order to infect machines, the botnet employs malicious torrent files shared via BitTorrent.
Jaku Botnet: Victims
According to researchers, the botnet is primarily after international NGOs, engineering companies, science institutions and government employees.
This is what the researchers say:
JAKU targets its victims – 19,000 is a conservative estimate of the number of victims at any one time – primarily via ‘poisoned’ BitTorrent file shares. The victims are spread all over the globe, but a significant number of victims are in South Korea and Japan. Forcepoint Security Labs has determined that the botnet Command and Control (C2) servers identified are also located in the APAC region, including Singapore, Malaysia and Thailand.
How to Stay Protected Against Jaku and Other Botnets?
Bearing in mind that botnets are often deployed to spread malware across multiple machines simultaneously, a powerful anti-malware solution appears to be a necessity.
Cyber crooks apply two strategies to break into victims’ machines and turn them into zombies:
- Installing malware by exploiting software vulnerabilities or hijacking your weak accounts.
- Tricking you into installing malware with the help of social engineering techniques.
To improve your security and avoid becoming a zombie, refer to the following security tips:
- Frequently update your software, operating system and browsers.
- Use strong passwords and consider using a password manager.
- Keep your firewall on. A firewall provides protection against intruders from the Internet.
- Don’t use flash drives of unknown origin.
- Revise your surfing and downloading habits and apply anti-spam filters.
- Install advanced anti-spyware and anti-virus software. An anti-spyware program keeps track of spying components and goes deep into the system. An anti-virus program searches the hard disk and removes uninvited guests.