Bigdata is malicious software (malware) designed to compromise and damage computer systems. It infiltrates systems through dubious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal information, disrupt operations, or hold data hostage for ransom. The malware was named "bigdata" because of the value it passes to the 'schtasks /tn' (task name) parameter in its persistence mechanism, as identified from the PDB path string. The same name also appears in the URL path used for Command and Control (C2) file-list exfiltration, indicating a strong correlation between the persistence mechanism and C2 communication.
The discovery of bigdata was documented by Arbor Networks' ASERT team, as evidenced in their online reports. The malware framework introduces three common names: "yty", "setup.exe", and "bigdata". The latter is used in the malware's persistence mechanism, enabling it to maintain its presence and functionality even after system reboots or attempts at removal. Furthermore, the "bigdata" string was observed in the macro persistence mechanism, which reinforces its role in maintaining the malware's persistence within infected systems.
The attacks carried out by bigdata primarily target ports 80 and 443 with HTTP POST requests. Among the framework's various capabilities, these HTTP POST attacks remain its primary attack method, demonstrating their effectiveness and the severity of the threat the malware poses. The malware's ability to exfiltrate data via its C2 infrastructure adds another layer of complexity to its operation, making it a significant cybersecurity concern.
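As an added example (not from this page or from the ASERT reports), the following Python scanner flags the two indicators described above in constructed telemetry: a scheduled task created with 'schtasks /tn' whose name contains "bigdata", and an HTTP POST to port 80 or 443 whose URL path contains "bigdata". The log line format, host addresses and paths are assumptions made for illustration.

```python
import re

# Constructed sample telemetry (not from the page): two Sysmon-style process
# creation lines and two proxy-style request lines, one benign of each kind.
SAMPLE_LINES = [
    'Event=ProcessCreate Image=C:\\Windows\\System32\\schtasks.exe '
    'CommandLine="schtasks /create /sc minute /mo 5 /tn bigdata /tr C:\\Users\\Public\\setup.exe"',
    'Event=ProcessCreate Image=C:\\Windows\\System32\\schtasks.exe '
    'CommandLine="schtasks /create /sc daily /tn BackupJob /tr C:\\Tools\\backup.exe"',
    'Event=HttpRequest Method=POST Host=203.0.113.10 Port=443 Path=/bigdata/filelist.php',
    'Event=HttpRequest Method=GET Host=example.com Port=80 Path=/index.html',
]

# Captures the task name passed to schtasks /tn (quoted or bare).
SCHTASKS_TN = re.compile(r'schtasks\b.*?/tn\s+"?(?P<task>[^"\s]+)', re.IGNORECASE)
# Captures method, host, port and path from the assumed request-line format.
HTTP_REQ = re.compile(
    r'Method=(?P<method>\w+)\s+Host=(?P<host>\S+)\s+Port=(?P<port>\d+)\s+Path=(?P<path>\S+)'
)


def find_indicators(lines, marker="bigdata"):
    """Return (line_index, reason) tuples for lines matching either indicator."""
    hits = []
    for i, line in enumerate(lines):
        m = SCHTASKS_TN.search(line)
        if m and marker in m.group("task").lower():
            hits.append((i, f"schtasks persistence: task name {m.group('task')!r}"))
            continue
        h = HTTP_REQ.search(line)
        if (h and h.group("method").upper() == "POST"
                and h.group("port") in ("80", "443")
                and marker in h.group("path").lower()):
            hits.append((i, f"possible C2 exfiltration: POST to port "
                            f"{h.group('port')} path {h.group('path')}"))
    return hits


if __name__ == "__main__":
    for idx, reason in find_indicators(SAMPLE_LINES):
        print(f"line {idx}: {reason}")
```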
Description last updated: 2024-10-15T09:22:00.936Z