The malware blocks antivirus applications and prevents users from accessing security sites

Sep 20, 2013 17:21 GMT  ·  By

The FBI’s Internet Crime Complaint Center (IC3) has published an alert to warn users about a relatively new piece of malware dubbed Beta Bot. Beta Bot is mainly used by cybercriminals to steal personal and financial information. Social media sites, e-commerce sites, banks and online payment platforms are the main targets.

What’s interesting about this threat is that it’s designed to disable antivirus applications, and block users from accessing security websites that might help them clean up the infection.

Beta Bot is distributed through several channels, including USB drives and Skype messages that redirect users to malicious websites. The infection can begin with a fake User Account Control (UAC) window, made to look legitimate, that requests permission for “Windows Command Processor” to make changes to the system. If the victim grants that permission, the attackers gain access to the system.

The FBI advises users not to authorize Windows Command Processor to make any changes to the system if they see a pop-up window like the one shown in the screenshot.

So how can you remove the threat if it blocks your antivirus? Here’s what the FBI recommends: “Remediation strategies for Beta Bot infection include running a full system scan with up-to-date anti-virus software on the infected computer.”

The advisory continues, “If Beta Bot blocks access to security sites, download the latest anti-virus updates or a whole new anti-virus program onto an uninfected computer, save it to a USB drive and load and run it on the infected computer. It is advisable to subsequently re-format the USB drive to remove any traces of the malware.”

Beta Bot has been around since January. In late May, RSA experts analyzed the rootkit.

“At this time it is not known whether Beta Bot will pick up momentum with cybercriminals; at least not until it beefs up its feature-set with additional capabilities that will create fans in the darker corners of the web,” RSA’s Limor Kessem noted at the time.