Cyber criminals have developed a new bot named “Beta Bot” that uses a refined method to build a botnet. Once installed on a system, Beta Bot checks whether any of 30 virus scanners is installed. At the moment it can detect all of them very easily. Beta Bot is then able to turn off the virus scanner and thus prevent its own subsequent identification.
Beta Bot hunts for a list of known security products it is said to target. Upon finding one of those programs installed, the bot starts its attack on the antivirus program by killing all processes, disabling auto updates or simply disabling important registry keys. Depending on the type of security product installed on the victim’s PC, Beta Bot also tries to circumvent firewalls by injecting certain routines into programs that are usually allowed to pass the firewall, such as Internet Explorer.
To obtain the necessary admin rights, Beta Bot relies on the gullibility of the user. Since a virus scanner can only be deactivated with admin rights, Beta Bot uses dirty tricks to get this job done. First, a window opens and indicates a hard drive problem. This false message plays on the user’s fear of losing data and prompts the user to repair damaged files. The user must choose one of two options: “Restore Files” or “Restore files and perform a disk check.”
This is the point at which User Account Control (UAC) is launched, and the user must confirm the UAC prompt as usual. Even before the UAC query, Beta Bot displays a fake error message about a corrupted folder whose data can supposedly only be restored using the wizard that follows. When the user then clicks the “Yes” button in the UAC prompt, the command prompt automatically starts Beta Bot with admin rights, with which it can then successfully turn off the virus scanner. All these queries and requests appear to concern Windows' own services, so the prompt seems to come from Microsoft Windows itself and the user is tempted to trust it. This behavior is exactly what Beta Bot wants to exploit. As a result, users easily fall prey to the Beta Bot trick: they click “OK” and Beta Bot’s job is done.
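The elevation step described above leaves a trace defenders can look for: an elevated command prompt starting a program. The following check is an added example, not code from the original article; it assumes process-creation events with Sysmon-style fields (Image, ParentImage, IntegrityLevel), treats launches from outside the system directories as worth review (a heuristic, not something the article states), and runs on constructed sample events.

```python
import ntpath

# Assumption: only administrators can write below these directories.
TRUSTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
ELEVATED = {"high", "system"}


def is_suspicious(event):
    """True when an elevated cmd.exe starts a binary outside TRUSTED_DIRS."""
    parent = ntpath.basename(ntpath.normcase(event["ParentImage"]))
    # normpath collapses "..\\" segments so traversal cannot fake a trusted prefix
    image = ntpath.normcase(ntpath.normpath(event["Image"]))
    return (
        parent == "cmd.exe"
        and event["IntegrityLevel"].lower() in ELEVATED
        and not image.startswith(TRUSTED_DIRS)
    )


def flag_elevated_cmd_launches(events):
    """Return the image paths of all events that need analyst review."""
    return [e["Image"] for e in events if is_suspicious(e)]


# Constructed sample events (not taken from a real infection).
SAMPLE_EVENTS = [
    {   # elevated cmd.exe starting a binary from the user profile: flagged
        "Image": r"C:\Users\alice\AppData\Roaming\example\payload.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "IntegrityLevel": "High",
    },
    {   # administrator running a system tool from an elevated prompt: ignored
        "Image": r"C:\Windows\System32\ipconfig.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "IntegrityLevel": "High",
    },
    {   # non-elevated cmd.exe: ignored
        "Image": r"C:\Users\alice\Downloads\tool.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "IntegrityLevel": "Medium",
    },
]

if __name__ == "__main__":
    for image in flag_elevated_cmd_launches(SAMPLE_EVENTS):
        print("review:", image)
```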
In addition to DDoS attacks, Beta Bot also gives its authors remote access to the victim’s PC. According to G-Data security experts, Beta Bot costs around US$630 on the black market and is therefore quite inexpensive.
As long as the virus scanner, including browser plug-ins and other security software, is up to date on the PC, the malware will not easily be able to access the system. Always check the details of error messages carefully by googling them, and deny admin rights in case of any doubt. Do not click on any suspicious message.