A new version of the Dofoil botnet has been detected, which is deemed to be “much more dangerous and aggressive than before”.
According to research by Fortinet, Dofoil, also known as Smoke Loader, is a modularised botnet that has existed for a few years but has not seen any new variants recently.
However, in September 2014, Fortinet received a brand new Dofoil variant that carries more features, including encrypted communication, several checks to detect whether it is currently running under a debugger or inside a virtual machine, and a double map code injection technique, a new injection mechanism that has appeared only in the last two years.