
Fbot

Posted: January 23, 2020

Fbot is a Trojan botnet that hijacks Internet-of-Things (IoT) hardware, such as routers and various devices running Linux. After doing so, Fbot can exploit the devices for attacks such as mining cryptocurrency or crashing websites with DDoS flooding. Users should maintain standard security practices for protecting all IoT products, reset them to factory conditions when appropriate, and have anti-malware services for removing threats related to Fbot from vulnerable PCs.

Another Resurrection of the Mirai Botnet of Yore

While the Mirai Botnet is an outdated entity in the threat landscape, much like Hidden Tear, the availability of its code to the world at large makes for an ongoing series of revivals and mutations of the Trojan. Fbot is one recent resurrection, and it also shares code with the Satori Botnet, a series of Trojans that hijack wallet addresses and preexisting miner software. Like its two ancestors, Fbot's apparent intention is profit, off the back of conquered IoT hardware.

Fbot is Linux-based and is a notable concern for users' home routers, although it may infect other IoT devices as well. In some attacks, malware experts can even confirm cases of Fbot infections damaging the hardware and making it permanently inoperable, possibly unintentionally. Currently, the Trojan botnet is actively self-propagating by methods such as exploiting software vulnerabilities or brute-forcing logins. However, its administrator is temporarily disabling most of the payload, for unknown reasons.

Issues that may arise from Fbot infections may include:

  • Cryptocurrency mining that can generate money for threat actors by exploiting the available hardware resources, such as the CPU. It may do so by dropping a mining program or reconfiguring an already-present one, a la Satori Botnet.
  • Fbot also may modify cryptocurrency wallet addresses for redirecting payments towards its threat actor.
  • DDoS campaigns are also heavily linked to botnets like Fbot's Trojan network. These artificial floods of traffic can crash websites for various unsafe purposes, including taking down bank servers to facilitate fraud and theft.

Keeping the Zombie Virus Out of Your Internet-of-Things

Botnets like Fbot's network are often referred to as 'zombies,' due to the self-distributing nature of the Trojan 'bots' and their capacity for taking total control over the infected device or computer. However, both network administrators and the average Web surfer can implement simple protections that keep Fbot Trojans from finding any simple means of access. Firmware patches will remove vulnerabilities related to remote code execution and the like, while choosing appropriate passwords will keep a brute-force attack from cracking an account's login combination.

Fbot is currently spreading without triggering the entirety of its payload, meaning that no mining activities, DDoSing or similar attacks are taking place. However, the threat actor could change this behavior at any time. There is also the semi-unique risk of Fbot 'bricking' a router or other device through bugs or the intentional destruction of evidence.

Always reset compromised IoT devices to factory conditions immediately, and change passwords as soon as possible afterward. Additionally, anti-malware utilities may prove helpful for identifying symptoms, such as fabricated traffic from Fbot, or disinfecting a PC that experiences exposure to other threats through the Fbot network.

The real death of the Mirai Botnet awaits the demise of its business model. As long as cryptocurrency and traffic falsification make money, the Trojan will keep changing its name in modern-day updates like the Linux-based Fbot.
