
Wauchos Botnet

Posted: May 1, 2019

The Wauchos Botnet is a Trojan network that provides customized deliveries of other threats, as well as limited functionality for collecting confidential information. While the authorities are in control of its C&C network, any compromised systems remain at risk from the aftereffects of infections. Since its attacks have no easily detectable symptoms, users should scan their PCs regularly and let their anti-malware tools delete Wauchos Botnet Trojans when appropriate.

A Zombie Network that's Been Beheaded

The Wauchos Botnet is one of the longer-running botnets in existence and owes its survivability to the threat actors' decentralized business structure and their willingness to maintain regular updates. However, a joint operation between the cyber-security industry and law enforcement successfully gained control over its Command & Control network, the critical infrastructure through which the Trojan 'bots' receive their commands. The outcome is a botnet that's mindless, but still threatening.

The Wauchos Botnet's history is rich with a range of different infection methods, courtesy of an equally diverse set of threat actors hiring and using it for their purposes. These methods include e-mail and social media spam, drive-by-downloads using software exploits, and spreading over removable media, similar to a worm. After it gets to its destination, the Trojan's payload consists of several significant features:

  • The Wauchos Botnet's bots may drop other threats on the system, as per the instructions of other threat actors. This mode of operation uses a 'pay-per-install' monetization policy, where criminals give upfront payments for distributing their threats throughout the Wauchos Botnet.
  • A less-than-usual feature in the Wauchos Botnet is its support for password-collecting behavior, which helps with compromising banking accounts, server admin accounts, etc.
  • Some of the Wauchos Botnet's defensive features may negatively impact the safety of the PC beyond its direct payload. Bots may turn off Windows Defender, disable OS updates, open ports in the Windows Firewall or change UAC settings.

Taking Care Around Trojans with No Intelligence

The fact that the Wauchos Botnet can't receive any new orders, such as changing what threats it installs, is a sharp qualifier to the possible risks it offers to infected PCs. However, computers with all security services and updates crippled are ripe targets for other attacks, and any related threats may remain active and threatening. Additionally, as usual, malware analysts can confirm that Wauchos Botnet infections show no visible symptoms.

Users should prioritize re-enabling any Windows security features that aren't working for unknown reasons, and be careful while clicking on links from websites, social platforms or e-mail messages. Most Wauchos Botnet attacks rely on indiscriminate distribution methods that don't target specific entities and instead use general-purpose templates to reach a broad audience. Anti-malware tools with updated threat databases should, however, have no issues with removing the Wauchos Botnet's Trojans or most of the other threats it may drop.
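Since infections show no visible symptoms, one practical check is to audit the four Windows settings listed above as tampering targets (Defender, OS updates, firewall, UAC). The PowerShell below is an added example, not part of the original article; the function names `New-Finding` and `Get-SecuritySettingAudit` are hypothetical, and it assumes an elevated PowerShell 5.1+ session on Windows 10 or later.

```powershell
# Added example (not from the article): read-only audit of the Windows settings
# the article lists as tampered with. Function names are hypothetical.
# Run in an elevated PowerShell 5.1+ session; nothing on the system is changed.

function New-Finding($Area, [bool]$Ok, $Detail) {
    [pscustomobject]@{ Area = $Area; OK = $Ok; Detail = $Detail }
}

function Get-SecuritySettingAudit {
    # 1. Windows Defender: antivirus engine and real-time protection enabled.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        New-Finding 'Defender' ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) `
            "AntivirusEnabled=$($mp.AntivirusEnabled) RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
    } catch {
        # A failing query is itself a finding: the Defender service may be stopped or removed.
        New-Finding 'Defender' $false "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }

    # 2. OS updates: the Windows Update service must not be set to Disabled.
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    New-Finding 'Windows Update' ($null -ne $wu -and $wu.StartType -ne 'Disabled') `
        "wuauserv StartType=$($wu.StartType) Status=$($wu.Status)"

    # 3a. Firewall: every profile (Domain, Private, Public) should be enabled.
    $off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
    New-Finding 'Firewall profiles' ($off.Count -eq 0) "Disabled profiles: $($off.Name -join ', ')"

    # 3b. Firewall: enabled inbound allow rules that belong to no rule group.
    #     Heuristic only; legitimate installers create such rules too, so review the names.
    $rules = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object { -not $_.Group })
    New-Finding 'Inbound allow rules' ($rules.Count -eq 0) `
        "$($rules.Count) ungrouped rule(s): $(($rules.DisplayName | Select-Object -First 5) -join '; ')"

    # 4. UAC: EnableLUA=1 keeps UAC on; ConsentPromptBehaviorAdmin=0 elevates silently.
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    New-Finding 'UAC' ($uac.EnableLUA -eq 1 -and $uac.ConsentPromptBehaviorAdmin -ne 0) `
        "EnableLUA=$($uac.EnableLUA) ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin)"
}

Get-SecuritySettingAudit | Format-Table -AutoSize -Wrap
```

A row with `OK = False` is a prompt to investigate, not proof of infection: a third-party antivirus product, for example, legitimately leaves Defender's real-time protection off.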

Like the undead that a 'zombie' botnet lays claim to in its moniker, the Wauchos Botnet is dead but still moving. Windows users would be wise to limit its movements, and the damage, as best they can.
