A new Windows malware in Play – SystemBC.
While finding and removing malware on your computer system may indeed be a joyous moment, there’s a new malware out there that will give you a headache instead. To know why, a dive through is needed into SystemBC, a malware written in C++ that has been discovered by researchers at Proofpoint and dubbed so because the word is a part of the URI path found in one of the malware’s advertisements.
How it operates is that it installs a Socks5 proxy on infected Windows computers by which it is able to connect to its command and control server, all the while managing to obscure its real IP address and doing things like bypassing firewalls without being detected.
See: Meet MyloBot malware turning Windows devices into Botnet
“In the most recently tracked example, the Fallout exploit is used to download the Danabot banking Trojan and a SOCKS5 proxy which is used on the victim’s Windows system to evade firewall detection of command and control (C2) traffic,” the researchers said.
While every malware can be lethal in itself, the real challenge for cyber-criminals is to figure out how to spread it. SystemBC has been doing this by packaging itself with two such exploit kits called RIG & the Fallout Exploit Kit (EK). For the unacquainted, an exploit kit is basically a package of tools that can be used for finding and making use of vulnerabilities against different targets.
Most recently, the malvertising-based Fallout exploit kit chain has been used to deliver instances of Maze ransomware.
See: You can now run Windows 95 on your Mac, Linux and Windows 10 devices
Keeping in mind the use of it among multiple exploit kits, researchers have come to believe that it was being sold in an underground marketplace. This is further proven by the fact that a malware being advertised as shown in the screenshots below was found to have similar functionality to SystemBC.
In conclusion, being a mixture of a proxy and a malware, SystemBC steps up its game significantly challenging traditional methods employed by cyber defenders. While various highly technical tactics could be implemented to safeguard one’s computer, a layman could at least keep their software updated and use the latest of what’s available among Windows systems.
Moreover, Windows users are urged to use a reliable anti-virus program and scan your device regularly. Stay safe online!
Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.