"DirtyMoe Botnet Returns With Undetectable Threat Profile"

The newest version of the malware botnet known as DirtyMoe has made significant changes that have pushed it back into the spotlight. Its first iteration, NuggetPhantom, appeared in 2016, but NuggetPhantom and other early samples of the threat were unstable and did not work well. An analysis of DirtyMoe's most recent variants by researchers at the antivirus firm Avast found that they match other threats in their anti-forensic, anti-debugging, and anti-tracking capabilities. The DirtyMoe botnet has also been found to combine a modular structure with a threat profile that cannot be detected or tracked.

The DirtyMoe attack chain starts with the attackers trying to gain administrator privileges on a target's Windows machine. One of their preferred methods relies on the PurpleFox exploit kit; they also use infected files and phishing emails containing URLs that exploit Internet Explorer flaws to gain higher privileges. Once they have administrator privileges, the attackers use the Windows MSI installer to deploy DirtyMoe. The Windows Session Manager is then used to overwrite the system file relating to the Windows System Event Notification, which allows the main DirtyMoe botnet service to run at the system level.

Organizations can protect themselves from the DirtyMoe botnet by implementing a modern vulnerability management solution, which involves ensuring that information about potential problems is shared among system administrators, security teams, and others. Businesses and agencies are also advised to confirm that their anti-phishing strategy includes both employee security awareness training and technical controls. This article continues to discuss the history of the DirtyMoe malware botnet, the newest version of this botnet, its connection to the PurpleFox exploit kit, and how organizations can defend themselves against DirtyMoe.
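The Session Manager step described above, as an added defender-side check that is not from the article or from Avast's analysis: it assumes the overwrite is carried out through the Windows Session Manager's documented PendingFileRenameOperations registry value (file replacements applied at the next boot), lists every pending replacement whose target sits under System32, and runs first on a constructed sample and then on the live machine.

```powershell
# Added example, not code from the article. Assumption: the "Session Manager"
# overwrite refers to the PendingFileRenameOperations value, which Session
# Manager processes at boot to delete or replace files that were in use.
$SessionManagerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$PendingValueName  = 'PendingFileRenameOperations'

function Get-PendingSystemFileReplacements {
    param(
        # REG_MULTI_SZ entries come in source/target pairs; defaults to the live value.
        [string[]]$Entries = (Get-ItemProperty -Path $SessionManagerKey `
            -Name $PendingValueName -ErrorAction SilentlyContinue).$PendingValueName,
        # Directory whose files should never be replaced by an unexpected source.
        [string]$ProtectedRoot = (Join-Path $env:SystemRoot 'System32')
    )
    if (-not $Entries) { return @() }
    $findings = @()
    for ($i = 0; $i -lt $Entries.Count; $i += 2) {
        # Paths use the NT "\??\" prefix; a leading "!" on the target means
        # "replace even if the target already exists". An empty target is a
        # plain delete-at-boot and is not a replacement.
        $source = $Entries[$i] -replace '^\\\?\?\\', ''
        $target = ''
        if ($i + 1 -lt $Entries.Count) {
            $target = $Entries[$i + 1].TrimStart('!') -replace '^\\\?\?\\', ''
        }
        if ($target -and $target.StartsWith($ProtectedRoot, [StringComparison]::OrdinalIgnoreCase)) {
            $findings += [pscustomobject]@{ Target = $target; Source = $source }
        }
    }
    return $findings
}

# Constructed sample (not real data): a benign temp-file delete, then a
# replacement of a System32 DLL with a file staged in a user-writable folder.
$sample = @(
    '\??\C:\Windows\Temp\setup.tmp', '',
    '\??\C:\Users\Public\staged.dll', '!\??\C:\Windows\System32\placeholder.dll'
)
Write-Host '--- constructed sample ---'
Get-PendingSystemFileReplacements -Entries $sample | Format-Table -AutoSize

# Live check; run from an elevated prompt and review any hit whose Source is
# outside a trusted installer or patch staging location.
Write-Host '--- live system ---'
Get-PendingSystemFileReplacements | Format-Table -AutoSize
```

A legitimate Windows update or installer can also queue System32 replacements, so the value of the check is in the source path and its timing relative to an MSI install, not in the mere presence of an entry.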

Security Intelligence reports "DirtyMoe Botnet Returns With Undetectable Threat Profile"
