PBot

By GoldSparrow in Adware

Pbot is adware with several features that can be used to avoid detection by anti-virus programs. PC security researchers first observed Pbot on April 19, 2018. Pbot seems to target computers located outside of Russia specifically, and seems to inject its scripts into Web pages while avoiding websites that receive traffic from locations that have Russian as their primary language. Because of this, it is likely that Pbot was created by con artists based in Russia, who will often add exceptions to their attacks so that they avoid computer systems with a Russian keyboard layout or other identifiers that would pinpoint a computer as based in Russia or a Russian-speaking location.

What is the Distribution Method Used by Pbot?

Pbot is installed through social engineering: computer users are convinced to install a fake application named 'MinerBlocker,' supposedly a program that helps computer users delete and stop cryptocurrency mining malware. Instead, Pbot is installed on the victim's computer. Pbot may be installed in several ways. The con artists may also take advantage of software that is out of date, a lack of security patches, and outdated versions of Web browser components such as Adobe Flash or of platforms like Java.

How Pbot Works

Pbot is based on Python and will affect most commonly used Web browsers, which may include Internet Explorer, Google Chrome and numerous others. Along with Pbot, different components and language resources used by Python software also may be installed onto the victim's computer. Once installed, Pbot will load several layers and a Web proxy onto the victim's computer. Pbot installs several Python scripts, named 'ml.py,' 'httpfilter.py,' and 'httpfilter.bin,' to affect the websites being loaded in the affected Web browser. By using these scripts, the con artists can alter what victims see in their Web browser. Pbot can communicate with its Command and Control servers and load fake security certificates to set up fake Web proxies and redirect the victims' traffic. This allows the con artists to use Pbot to display unsafe advertising on the victim's computer, to affect what content the victims view, or to force the victims to visit certain websites against their will. Pbot includes both 64-bit and 32-bit versions to carry out its attack.
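An added example (not from the original article or from any vendor tool) that sweeps a directory tree for the three file names listed above and reports folders where at least two of them sit together. The function names, the two-hit threshold and the sample folder layout are assumptions made for illustration.

```python
import os
import tempfile

# File names the article attributes to Pbot. Matching is case-insensitive
# because Windows file systems are.
PBOT_NAMES = frozenset({"ml.py", "httpfilter.py", "httpfilter.bin"})


def scan_for_pbot_files(root, min_hits=2):
    """Return {directory: sorted matched names} for every directory under
    root that holds at least min_hits of the Pbot file names.

    A lone 'ml.py' is a common name in legitimate projects, so a single hit
    is not reported by default (assumed threshold); co-location is the signal.
    """
    findings = {}
    # os.walk skips directories it cannot read, so the sweep does not abort.
    for dirpath, _dirnames, filenames in os.walk(root):
        hits = sorted({name.lower() for name in filenames} & PBOT_NAMES)
        if len(hits) >= min_hits:
            findings[dirpath] = hits
    return findings


def build_sample_tree(base):
    """Create a constructed sample layout; the folder names are made up."""
    layout = {
        "suspect_app": ["ml.py", "HttpFilter.py", "httpfilter.bin", "readme.txt"],
        "data_science_project": ["ml.py", "train.py"],  # benign lone match
        "partial": ["httpfilter.py", "httpfilter.bin"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        results = scan_for_pbot_files(build_sample_tree(tmp))
        for directory, names in sorted(results.items()):
            print(f"{directory}: {', '.join(names)}")
```

A hit is a lead for further inspection, not a verdict, since file names alone can collide with legitimate software.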

It is not that Hard to Detect the Presence of Pbot on a Computer

Pbot does not have strong obfuscation measures. On the surface, Pbot looks like a legitimate and safe program. Pbot also is capable of loading advertisements that will undo the protections of ad-blocking software. However, PC security researchers suspect that there is more to Pbot than simply the display of advertisements. The way Pbot hooks into the victim's software and processes, and the way it carries out its attack, make it possible for Pbot to be used to carry out more severe attacks or to be used in more sophisticated threats.

Dealing with and Protecting Your PC from Adware Like Pbot

The best protection against Pbot is to have a fully updated anti-malware program installed on your computer. It is also necessary to be extra careful when installing any new software. Pbot is distributed by disguising it as a legitimate program. Obtaining software only from reputable sources rather than from shady websites, emails or online advertising can help computer users avoid infecting their computers with malware like Pbot or other adware or unwanted components that can be used to affect their online experience.
