Security firm Netlab 360 has discovered a new botnet named Fbot in a strange case of fighting fire with fire. Fbot appears to be very different from almost any other botnet because it is seeking and destroying another botnet called ufo miner, known to install crypto mining malware on computers.
Fbot doesn’t appear to install any malware of its own, with a seemingly singular purpose of destroying a crypto mining malware botnet.
Botnets are an extremely common tool among hackers. Essentially, a hacker writes a program that installs itself on someone’s computer before propagating itself to more computers. The hacker uses the botnet to steal personal information, and in the case of crypto mining malware botnets, aggregate the weak processing power of thousands to millions of personal computers to mine significant amounts of crypto. Monero mining botnets are very common; one called Smominru infected 526,000 computers and mined millions of dollars of Monero.
In the case of Fbot, it finds the ufo miner software on an infected computer, rewrites itself in place of ufo miner, and then deletes itself. This leaves the computer uninfected, at least from either ufo miner or Fbot. This is probably the first recorded case of a botnet that deletes mining malware rather than installs.
Fbot will be difficult to stop because it uses the Emercoin decentralized domain name system (DNS), rather than the typical centralized DNS. It uses the same software to propagate that other mining malware botnets have been known to use, ADB.miner. Although the Fbot botnet may appear to be “good”, it is definitely installing itself without permission in a virus-esque fashion.
Some assumptions are that Fbot was created by someone trying to eliminate mining malware botnets but there is some evidence of more sinister motives. Netlab 360 found that Fbot has a strong connection to the Satori botnet; based on domain names that use the same registration email. Satori is a malicious botnet that has infected hundreds of thousands of computers.
If true, then Fbot might be produced by Satori to eliminate competition, since competing botnets on a single device results in less than optimal mining revenue.
Regardless of the intentions, the idea of a botnet destroying other botnets could be deployed by white hat hackers to finally curtail the growing crypto mining malware problem.
Follow BitcoinNews.com on Twitter: @bitcoinnewscom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.
Image Courtesy: Pixabay
