Quote:The very dangerous Mylobot botnet known for acting as a gateway for second stage malware payloads has been detected by CenturyLink while downloading the Khalesi data-stealing Trojan on compromised machines.

"What makes Mylobot so dangerous is its ability to download and execute any other type of payload the attacker wants, and we now have evidence one of those payloads is Khalesi," stated Mike Benjamin, CenturyLink's Head of Threat Research Labs.

According to CenturyLink Threat Research Labs' analysis, roughly 18,000 different IP addresses were observed while communicating with Mylobot command-and-control (C&C) servers, with most of them coming from Iraq, Iran, Argentina, Russia, Vietnam, China, India, Saudi Arabia, Chile, and Egypt.

Moreover, as detailed by Deep Instinct in their report, Mylobot uses anti-VM, anti-sandbox, anti-debugging, and  Reflective EXE (running EXE binaries straight from memory) techniques.

Furthermore to make itself even harder to detect, once it infiltrates a computing system Mylobot will not contact its C&C servers for 14 days.