We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

New Kraken bot variant discovered

Unpredictable bot Bobax difficult to spot

PC Tools today revealed that it has identified and disclosed the source code for a new variant of the Kraken bot, also known as 'Bobax'.

And the security vendor told PC Advisor the latest Kraken variant is a serious threat because it employs previously unseen detection-evasion techniques.

Sergei Shevchenko, Senior Malware Researcher, PC Tools, said: "PC Tools is revealing the details of the latest Kraken variant including the new list of domain names as well as the mathematical algorithm used.

"The source code of the Kraken domain name generation algorithm is disclosed in the interests of congregating all the knowledge about this bot so that other security specialists can benefit from it.

"The more collective knowledge security vendors have over this threat, the greater the chance the industry has of defeating it," said Shevchenko.

According to PC Tools' malware researchers, the latest Kraken variant is difficult to spot using traditional signature-based antimalware solutions. The latest variant of Kraken was first intercepted and blocked by behavioural-based antimalware software.

Malware researchers at PC Tools told PC Advisor that the new Kraken variant uses unpredictability to make it more different to spot - hence the relative merits of behavioural antimalware in this instance.

But the true benefit of using behavioural rather than signature-based security software is less clear cut, according to Kaspersky Lab. David Emm, senior technology consultant at Kaspersky, last week told PC Advisor that although behavioural software is a very useful part of a multilayered approach to security, in his view signatures retained primary importance.

"With the help of new technologies… it will be possible for a four-fold increase in the number of new signatures to combat the 10-fold increase in the number of new malicious programs," Emm said.

He added: "Such technologies allow one signature to successfully neutralise dozens or even hundreds of different types of malicious programs."

Never the less, both Kaspersky and PC Tools agree that behavioural protection forms a crucial part of your PC's defences. A PC Tools' spokeswoman told us that the company agreed with Kaspersky Lab that a multi-layered approach to security is the way to go. Signature detection would not, for instance, pick up a zero-day attack.

"Signatures are good but not enough. You need behaviour-based too," she said.

Visit Security Advisor for the latest internet threat news, and internet security product reviews

IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......