{"id":4385,"date":"2023-02-25T16:06:02","date_gmt":"2023-02-25T15:06:02","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4385"},"modified":"2023-02-25T16:06:02","modified_gmt":"2023-02-25T15:06:02","slug":"mylobot-botnet-napada-hiljade-windows-sistema","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/02\/25\/mylobot-botnet-napada-hiljade-windows-sistema\/","title":{"rendered":"MyloBot Botnet attacks thousands of Windows systems"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>MyloBot Botnet<\/em> is an <a href=\"https:\/\/sajberinfo.com\/2022\/04\/24\/botnet\/\" target=\"_blank\" rel=\"nofollow noopener\">advanced network of infected devices<\/a> under the control of malicious actors, who successfully infect numerous user devices.<\/span><\/p>\n<div id=\"attachment_4386\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4386\" class=\"size-full wp-image-4386\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/MyloBot-Botnet.jpg\" alt=\"MyloBot Botnet attacks thousands of Windows systems\" width=\"1024\" height=\"656\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/MyloBot-Botnet.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/MyloBot-Botnet-300x192.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/MyloBot-Botnet-768x492.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/MyloBot-Botnet-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4386\" class=\"wp-caption-text\"><em>MyloBot Botnet; Design: Sa\u0161a \u0110uric<\/em><\/p><\/div>\n<p><span style=\"font-size: 14pt;\"><em>MyloBot Botnet<\/em> primarily targets countries such as India, the United States of America, Indonesia and Iran, according to <a href=\"https:\/\/www.bitsight.com\/blog\/mylobot-investigating-proxy-botnet\" 
target=\"_blank\" rel=\"noopener\">data from the company <em>BitSight<\/em><\/a>. The <em>botnet<\/em> has attacked and compromised thousands of devices in these regions, demonstrating that it can operate across a wide geographic range and that no one around the globe is safe.<\/span><\/p>\n<h2><\/h2>\n<h2><span style=\"font-size: 14pt;\"><strong>Beginning<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>MyloBot Botnet<\/em> is an advanced network of infected devices capable of infecting more than 50,000 devices per day, first discovered in 2017. It saw its greatest expansion in 2020, when it had 250,000 unique devices under its control. It uses various techniques to evade security protection mechanisms, and it can disable the <em>Windows<\/em> antivirus software <em>Windows Defender<\/em> as well as <em>Windows<\/em> updates. Like any network of infected devices, <em>MyloBot Botnet<\/em> is capable of <a href=\"https:\/\/sajberinfo.com\/2022\/04\/25\/ddos\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>DDoS<\/em> attacks<\/a>, data theft and even installing <em>ransomware<\/em>, while using advanced techniques to evade antivirus solutions. This involves three layers of detection-evasion techniques and the use of communication with the command server to deliver the malware that ultimately infects the device. 
The following detection-evasion techniques used by <em>MyloBot Botnet<\/em> have been recorded so far:<\/span><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">Detection of virtual machines,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Detection of <em>sandbox<\/em> environments,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Disabling of debugging,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Hiding important parts inside encrypted documents,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Code injection,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Abuse of legitimate processes.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">It also uses a mechanism that delays execution for 14 days, which makes it harder to track and detect the infection of a device.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"font-size: 14pt;\"><strong>New capabilities<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\"><em>MyloBot Botnet<\/em> now uses <em>BHProxies<\/em>, a residential <em>proxy<\/em> service, which may increase the danger posed by this network of infected devices and make it harder to detect. 
Research has shown that, after communicating with the command server, the compromised device is transformed into a new <em>proxy<\/em> server, after which it is able to handle new connections and relay traffic that is sent through the <em>proxy<\/em> server to the command server.<\/span><\/p>\n<div id=\"attachment_4388\" style=\"width: 946px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4388\" class=\"size-full wp-image-4388\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/BHProxies-website.webp\" alt=\"BHProxies\" width=\"936\" height=\"1147\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/BHProxies-website.webp 936w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/BHProxies-website-245x300.webp 245w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/BHProxies-website-836x1024.webp 836w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/BHProxies-website-768x941.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/BHProxies-website-10x12.webp 10w\" sizes=\"auto, (max-width: 936px) 100vw, 936px\" \/><p id=\"caption-attachment-4388\" class=\"wp-caption-text\"><em>BHProxies website; Source: <\/em><a href=\"https:\/\/www.bitsight.com\/blog\/mylobot-investigating-proxy-botnet\" target=\"_blank\" rel=\"noopener\"><em>BitSight Security Research<\/em><\/a><\/p><\/div>\n<p><span style=\"font-size: 14pt;\">Further communication with the compromised device is used to download malicious code that establishes encrypted communication with the command server, which replies with an encrypted message containing the address from which to download the malware.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">There is a suspicion that <em>MyloBot Botnet<\/em> could be part of something bigger, as indicated by a reverse <em>DNS<\/em> lookup of one of the 
<em>IP<\/em> addresses associated with the command server, which points to a domain named &#8220;<em>clients[.]bhproxies[.]com<\/em>&#8221;.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">Users are advised, first and foremost, to use proven advanced antivirus solutions and to update antivirus definitions regularly. Regular data backups should also be made, to avoid data loss if a device is infected with malware such as <em>ransomware<\/em>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>MyloBot Botnet is an advanced network of infected devices under the control of malicious actors, who successfully infect numerous user devices. MyloBot Botnet primarily targets countries such as India, the United States of America, Indonesia and Iran,&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4386,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[113,114,229,133,273,100],"class_list":["post-4385","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-botnet","tag-ddos","tag-proxy","tag-ransomware","tag-sandbox","tag-spyware"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4385"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4385\/revisions"}],
"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4386"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}