Scary Windows wormable botnet is spreading — how to protect yourself

(Image credit: Laptop Mag)

Researchers say a botnet targeting Windows-based devices is growing exponentially in size due to a new infection method that allows the malware to spread from computer to computer.

Known as the Purple Fox malware, which was first noticed in 2018, the attack has been spreading via phishing emails and exploit kits, which is a way many threat groups use to infect devices using known security flaws.

Recently, researchers Amit Serper and Ophir Harpaz, who work at security firm Guadicore, released a blog post revealing the new infection threat and stated that the malware now targets internet-facing Windows devices with weak passwords, which grant the malware the opportunity to spread quickly.

The updated malware tries to enter Windows systems by guessing weak user passwords and targeting a server's message block or SMB. An SMB is a component that lets Windows communicate with other devices, such as printers and file servers. If that isn't bad enough up for you, it sadly gets worse.

Once the malware gains access by finding a vulnerable computer, it totes along with a malicious payload of over 2,000 older compromised Windows web servers and silently installed a rootkit, keeping it anchored to your computer while making itself nearly undetectable and hard to remove. Once it has infected your system, it will close the ports behind itself in the firewall to infect your computer in the first place. Then it prevents reinfection or other threat groups from trying to hack your already hacked system.

Sadly, this botnet is even worse than a bad relationship. Its malware then generates lists of internet addresses then scans the internet for vulnerable devices with weak passwords like yours to infect further, thus creating an endless, constantly growing network of captured infected devices. This lets attackers set it and forget and develop more creative ways to ruin our days.

Obviously, it's working because Purple Fox infections have shot up a staggering 600% since last May of 2020, and infection numbers are more than likely higher than that.

Sadly, even Guardicore has no clue as to the intention of this threat, with Serper saying, "We assume that this is laying the groundwork for something in the future." Guardicore has published a list of indicators to help networks identify if they've been infected. With that said, stay vigilant, my friends, and please change that weak password; you know which ones I'm talking about. The ones that are usually + insert last name and 123. Stop that!

H/T TechCrunch

Mark has spent 20 years headlining comedy shows around the country and made appearances on ABC, MTV, Comedy Central, Howard Stern, Food Network, and Sirius XM Radio. He has written about every topic imaginable, from dating, family, politics, social issues, and tech. He wrote his first tech articles for the now-defunct Dads On Tech 10 years ago, and his passion for combining humor and tech has grown under the tutelage of the Laptop Mag team. His penchant for tearing things down and rebuilding them did not make Mark popular at home, however, when he got his hands on the legendary Commodore 64, his passion for all things tech deepened. These days, when he is not filming, editing footage, tinkering with cameras and laptops, or on stage, he can be found at his desk snacking, writing about everything tech, new jokes, or scripts he dreams of filming.

Latest

You won't get an affordable Apple Vision Pro in 2025, but there's a perfect VR headset you can buy now

See more latest ►

Stay in the know with Laptop Mag

Most Popular