Jaku Botnet usado em campanhas de DDoS e spam, Emprega esteganografia

A previously unknown botnet campaign, named Jaku or JAKU has been investigated by researchers at Forcepoint Security Labs. The botnet has affected more than 19,000 computadores, including them in its zombie network.

Curiosamente, most of the victims appear to be located in Asian countries, specifically Japan and South Korea. 73% of Jaku’s infections are located in those regions. Não obstante, de outros 134 countries have also been targeted by Jaku.

Because of its rapid growth and infection rates, Forcepoint’s research points that Jaku is more resilient than other known botnets.

Whoever is controlling the botnet is using multiple command & servidores de controle, situated in the Asia-Pacific region. The group’s stealthy techniques include:

• Three different command & control structures
• Obfuscation techniques (obfuscated SQLite databases)

Jaku Botnet: Campaigns

The botnet is primarily used to deliver spam and launch ataques DDoS. Em alguns casos, Jaku can be used to deliver malware, também. If the malware-delivery stage of the attack happens, steganography is used to implement malicious code inside image files.

In order to infect machines, the botnet employs malicious torrent files shared via BitTorrent.

Jaku Botnet: Victims

De acordo com pesquisadores, the botnet is primarily after international NGOs, engineering companies, science institutions and government employees.

This is what the researchers say:

JAKU targets its victims – 19,000 is a conservative estimate of the number of victims at any one time – primarily via ‘poisoned’ BitTorrent file shares. The victims are spread all over the globe, but a significant number of victims are in South Korea and Japan. Forcepoint Security Labs has determined that the botnet Command and Control (C2) servers identified are also located in the APAC region, including Singapore, Malaysia and Thailand.

Tendo em mente que as redes de bot são frequentemente implantadas para espalhar malware por várias máquinas simultaneamente, having a powerful anti-malware solution appears to be a necessity.

Cyber crooks apply two strategies to intrude victims’ machines and turn them into zombies:

• Instalação de malware através da exploração de vulnerabilidades de software ou do seqüestro de suas contas fracas.
• Enganando você a instalar malware com a ajuda de técnicas de engenharia social.

To improve your security and avoid becoming a zombie, consulte as seguintes dicas de segurança:

• Atualize seu software com freqüência, sistema operacional e navegadores.
• Use senhas fortes, consider using a password manager.
• Mantenha seu firewall ligado. Um firewall fornece proteção contra intrusos da Internet.
• Não use pen drives de origem desconhecida.
• Revise seus hábitos de navegação e download e aplique filtros anti-spam.
• Install advanced anti-spyware and anti-virus software. An anti-spyware program will keep track of spying components and would go deep into the system. Um programa antivírus pesquisará o disco rígido e removerá os convidados indesejados.

digitalizador Spy Hunter só irá detectar a ameaça. Se você quiser a ameaça de ser removido automaticamente, você precisa comprar a versão completa da ferramenta anti-malware.Saiba Mais Sobre SpyHunter Anti-Malware Ferramenta / Como desinstalar o SpyHunter