Blog | G5 Cyber Security

Inside the Black Energy 2 Botnet

Cybercriminals use a variety of bots to conduct DDoS attacks on Internet servers. Kaspersky Lab has identified and implemented detection for over 4,000 modifications of Black Energy. Black Energy 2 has a protective layer that hides the malicious payload from antivirus products. Each task is performed by a different component of the malicious program, such as a decryptor driver. The decrypted data is an infector driver, which injects a DLL into a user-mode process. The DLL is stored in the .bdata section of the infector.
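For triage, the .bdata section mentioned above can be looked for directly in a driver file's PE section table. The following is an added example, not code from the original article or from Kaspersky Lab; the function names and the sample image are constructed for illustration, and the "MZ" check assumes the embedded DLL sits in the section unencrypted, which the article does not state.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, raw_offset, raw_size)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    out = []
    for i in range(nsect):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size))
    return out

def find_bdata(data: bytes):
    """Return facts about a .bdata section, or None if the image has none."""
    for name, off, size in pe_sections(data):
        if name == ".bdata":
            body = data[off:off + size]
            # Heuristic (assumption): a plain embedded PE would begin with "MZ".
            return {"offset": off, "size": size, "starts_with_mz": body[:2] == b"MZ"}
    return None

def build_sample() -> bytes:
    """Constructed, inert test image: two sections and no optional header."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    def sect(name, off, size):
        return struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, off, 0, 0, 0, 0, 0)
    hdr = dos + coff + sect(b".text", 0x200, 16) + sect(b".bdata", 0x210, 16)
    return hdr.ljust(0x200, b"\0") + b"\0" * 16 + b"MZ" + b"\0" * 14

if __name__ == "__main__":
    print(pe_sections(build_sample()))
    print(find_bdata(build_sample()))
```

A .bdata section is not proof of Black Energy 2 on its own; treat a hit as a reason to examine the driver further.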

Source: https://threatpost.com/inside-black-energy-2-botnet-072110/74236/
