Echobot is a botnet-based Trojan that shares most of its code with the Mirai Botnet and, like it, compromises Internet-of-Things devices for launching Distribute-Denial-of-Service attacks. Using strong passwords and installing all available security patches are valuable steps for limiting the botnet's growth. The anti-malware products from most vendors also should uninstall Echobot's bots appropriately.
The Update that's Taking Advantage of a Lack of Them Elsewhere
Since going open-source, the IoT-hijacking Mirai Botnet is responsible for offspring like the mining attacks of the Satori Botnet and the DDoSing Bushido Botnet. This year is getting another revision of the Mirai Botnet's code, however, which aims at increasing the scope of the zombified PC network. It consists of a significant update to the previously-established Echobot.
Like its renowned ancestor, Echobot compromises IoT devices by either brute-force 'guessing' the login credentials or taking advantage of built-in software vulnerabilities that allow the execution of corrupted code by a remote attacker. The latter is the emphasis of this new version of Echobot, which includes additional exploit abuses, such as taking over an Oracle WebLogic Server, as well as injecting commands into VMWare cloud computing platforms and Linksys routers. Malware experts stress that not all of these vulnerabilities are new or recent – some are nearly ten years old but have not received a security fix from the vendor.
These techniques aren't unusual for any botnet, but their addition to Echobot implies that the Trojan is broadening the scope of its mission. Previous infection vectors focus on compromising random, vulnerable PC users' home hardware. The new builds of Echobot can continue doing so, but also will target NGOs, corporations, and government networks through the appropriate firmware weaknesses – in other words, enterprise-level targets.
Quieting the Echoes of Old Trojan Networks
While botnets are potential assets for threat actors conducting a range of crimes, DDoS attacks and the mining of cryptocurrencies like Bitcoin are associated with them closely. The essential precautions against infections from threats of Echobot's class include installing all updates and security patches for online systems and using sufficiently strong login combinations. The former will limit, if not eliminate, the presence of vulnerabilities, and the latter will keep brute-force tactics from compromising an account.
Since not all of Echobot's exploits are patchable, users should isolate any currently at-risk systems from networks and leave them offline, if it's possible. Disable remote access features like RDP if they're not in immediate use, turn off UPnP, and avoid using factory-default settings for any login credentials.
Infected devices, such as routers, webcams, and IP cameras, should flash back to their original states. Personal computers, on the other hand, should receive anti-malware scans for removing Echobot and related threats comprehensively.
The diligence of Echobot's maintainers should give anyone with a neglected IoT device, even if it's just a webcam, some cause for worrying. Even the oldest and most well-explored Trojans can get retrofitting that makes them an appropriate weapon for hackers in the present day.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Echobot may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.