Beebone

By Domesticus in Trojans

Beebone is a dangerous family of Trojan downloaders that has been prevalent in attacks in the wild since early 2012. Beebone attacks have been closely associated with dangerous rootkit infections such as the infamous Sirefef bootkit. Any Trojan in the Beebone family poses a dangerous threat to the computer it infects. Rather than being the objective of a multi-component malware attack, Beebone is used to install other malware on the victim's computer, deleting itself afterward in order to prevent computer security researchers from studying these Trojans more closely. Malware in the Beebone family can enter a computer in several ways. The two most common are tricking the computer user into downloading Beebone themselves, often by disguising Beebone as an innocuous PDF or DOC file, and using exploit kits that inject the Beebone Trojan into the victim's computer when the victim visits an attack website.

Malware in the Beebone family is typically written in Visual Basic and is designed to connect to a remote server in order to download other malware that is then installed on the victim's computer. One of the characteristics of Beebone Trojans that makes them particularly vicious is the advanced obfuscation used to hide these malware attacks. These kinds of Trojans are designed to infect a computer without alerting the victim. Because of this, computer users will seldom detect symptoms of a Beebone malware infection itself. This stealth is particularly useful when criminals want to install malware that relies on staying hidden on the infected computer, such as banking or surveillance Trojans. If a computer user's anti-virus software is fully updated, it may display an alert at the moment of a Beebone infection.

Once the Beebone Trojan has infected a computer, it downloads dangerous files from a remote server and then executes them. Different versions of the Beebone Trojan can be customized to download malicious content from different malicious URLs. The download location can be altered as well, although the vast majority of Beebone infections will download malicious content into the USERPROFILE directory. Trojans in the Beebone family will typically download dangerous rootkit infections or RATs such as Acbot, Sirefef, or Vobfus, all of which are considered extremely dangerous malware threats.
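Because the infection itself shows few symptoms, the two behaviours described above (payloads written to the USERPROFILE directory and executables disguised as PDF or DOC files) are what a defender can hunt for in process-creation telemetry. The following is an added example, not code from the original article. The event fields `host` and `image`, the `C:\Users` profile location, the extension lists, and the reading of "disguise" as a double extension are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Extensions Windows runs directly (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Document types the article names as disguises.
DECOY_EXTS = {".pdf", ".doc"}
# Assumed parent folder of user profiles on the monitored hosts.
PROFILES_ROOT = PureWindowsPath(r"C:\Users")


def classify(image_path):
    """Return the reasons a process image path matches the described behaviour."""
    path = PureWindowsPath(image_path)  # parses Windows paths on any OS
    suffixes = [s.lower() for s in path.suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return []
    reasons = []
    # Executable placed directly in C:\Users\<name>\ and not in a subfolder.
    if path.parent.parent == PROFILES_ROOT:
        reasons.append("runs-from-profile-root")
    # Name such as invoice.pdf.exe: document extension, then an executable one.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        reasons.append("document-double-extension")
    return reasons


def hunt(events):
    """Return (host, image, reasons) for every event with at least one match."""
    hits = []
    for ev in events:
        reasons = classify(ev["image"])
        if reasons:
            hits.append((ev["host"], ev["image"], reasons))
    return hits


# Constructed process-creation records, not taken from a real incident.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Users\alice\kqxvd.exe"},
    {"host": "ws-02", "image": r"C:\Users\bob\Downloads\invoice.pdf.exe"},
    {"host": "ws-03", "image": r"C:\Program Files\Example\app.exe"},
    {"host": "ws-04", "image": r"c:\users\carol\report.doc.scr"},
    {"host": "ws-05", "image": r"C:\Users\dave\AppData\Local\Example\update.exe"},
]

if __name__ == "__main__":
    for host, image, reasons in hunt(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(reasons)}")
```

A match is a lead for triage, not a verdict: legitimate installers occasionally run from the profile root, so each hit should be correlated with the outbound connection that preceded it.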
