This Botnet Proves That There’s No Honor Among Thieves

Cybercriminals and hackers aren’t exactly examples of the most trustworthy people online, so it should come as no surprise that they are willing to exploit each other for their own benefit. We recently saw an example of this phenomenon with the Cobain botnet.

Hackers have begun to see the value of creating a highly-demanded product, and now create malware that is available to be leased to aspiring amateur cybercriminals. These amateurs only need to fork over a fee in Bitcoin for access to the latest programs designed by more experienced hackers--but it isn’t always that simple, as the recent botnet program Cobian shows.

Powered by njRAT, a malware that first appeared in 2015, Cobian gives its user access to a considerably threatening set of tools--including webcam control, screensharing, a keylogger, and remote code execution. However, Cobian also includes some features that these users would be less than enthusiastic about. While creating the program, the developers included some encrypted code that provides them with access to the botnet’s master control switch.

As a result, those who purchase the Cobian botnet are unwittingly handing over their systems to the developers to do with as they wish. It would be funny, if it didn’t still mean that the average user is at risk.

NakedSecurity explains how the botnet remains hidden, going on to describe how the threat ultimately activates:

“Cobian’s executable payload disguises itself as a Microsoft Excel file. Cobian’s secondary payload then checks to see if the second-level operator is online. If so, then the code that enables the author to acquire master control operates to evade detection. If the second-level operator is offline, the secondary payload acquires the address of the author’s command and control servers from Pastebin.”

As if we needed another reminder, Cobian proves that hackers simply cannot be trusted--but it also proves that the threat of a hacking attack is more pronounced than many business owners may be prepared for. If a botnet, or other threat, can be leveraged by those without technical skill, the odds of an attack are much greater. As a result, it becomes that much more important to ensure your business is protected. For help, call Texas Professional IT Services LLC at (832) 514-6260.