Global team takes down virus-spewing Andromeda botnet


A major botnet operation incorporating millions of PCs and associated with over 80 different malware families has been taken down in a worldwide cyber operation.

Tech firms ESET and Microsoft collaborated with the FBI, Interpol, Europol, and others to execute a coordinated takedown of the infrastructure used to control and spread the botnet.

Law enforcement has dismantled the Andromeda malware family, which has been infecting computers since 2011.

Global investigations led the FBI to a suspect in Belarus, who was arrested by Belarusian law enforcement authorities on November 29th.

A joint operation involving Germany, the United States and Belarus has taken down a malware system known as "Andromeda" or "Gamarue" that infected more than 2 million computers globally, Europol said on Tuesday. Over the past six months, it has been detected or blocked on an average of almost 1.1 million machines a month.

Created by cybercriminals in September 2011, and sold as a crime kit on the Dark Web in underground forums, the Gamarue family was built to steal credentials and to download and install additional malware onto victims' systems. The arrested suspect is also identified as the developer of the Win32/Gamarue HTTP bot, the Windows SMTP Bruter v.1.2.3 and the "Swf-Inj Service" that hijacks web traffic using malware.

ESET and Microsoft researchers shared technical analysis, statistical information, and known command-and-control (C&C) server domains to help disrupt the group's malicious activity. Both companies provided detailed information about that infrastructure to law enforcement agencies around the world. However, they did not name the suspect.


ESET researcher Boutin added that "by using ESET Threat Intelligence and by working collaboratively with Microsoft researchers, we have been able to keep track of changes in the malware's behavior and consequently provide actionable data which has proven invaluable in these takedown efforts".

The Gamarue botnet has been plaguing computers since 2011, has been detected on or blocked from more than 1.1 million systems a month over the past six months, and has its infections concentrated heavily in Asia.

"Insights gained during the Avalanche case by the investigating German law enforcement entities were shared, via Europol, with the FBI and supported this year's investigations to dismantle the Andromeda malware last week", Europol said.

"This is another example of worldwide law enforcement working together with industry partners to tackle the most significant cybercriminals and the dedicated infrastructure they use to distribute malware on a global scale", Steven Wilson, head of Europol's European Cybercrime Centre, said in a statement.

"The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us".

Connection attempts reached the sinkhole from more than 2 million unique internet addresses in the first 48 hours after the operation began on November 29, Europol said.

Once a PC is infected, it connects to a command-and-control server to join the Andromeda botnet, after which the operators can push additional high-risk malware down to it.
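The two figures above (unique addresses hitting the sinkhole in a 48-hour window, and infected hosts beaconing to C&C domains) are exactly what a sinkhole operator or a defender checking their own DNS logs would compute. The following is an added example, not code from the article, ESET, Microsoft or Europol: it parses constructed sinkhole-style log lines (timestamp, source IP, domain contacted), counts unique victim addresses inside the first 48 hours after a sinkhole start time, breaks them down per domain, and flags which hosts contacted a watchlist of domains. The domains, IP addresses and timestamps are all made up for illustration; real C&C and sinkhole domains are not reproduced here.

```python
"""Sinkhole telemetry triage (added example, constructed data).

Log format assumed: "<ISO-8601 UTC timestamp> <source IP> <domain>" per line.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log. The .invalid TLD guarantees these are not real domains.
SAMPLE_LOG = """\
2017-11-29T10:00:05Z 203.0.113.7 cc1.example.invalid
2017-11-29T10:00:09Z 203.0.113.7 cc1.example.invalid
2017-11-29T11:30:00Z 198.51.100.23 cc2.example.invalid
2017-11-30T09:15:42Z 192.0.2.45 cc1.example.invalid
2017-12-01T09:59:59Z 198.51.100.23 cc3.example.invalid
2017-12-01T10:00:01Z 203.0.113.99 cc1.example.invalid
2017-12-02T00:00:00Z 192.0.2.200 cc2.example.invalid
"""

# Hypothetical moment the sinkhole took over the domains (assumption, not a real time).
SINKHOLE_START = datetime(2017, 11, 29, 10, 0, 0, tzinfo=timezone.utc)


def parse_line(line):
    """Split one log line into (aware UTC datetime, source IP, domain)."""
    ts, ip, domain = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, domain


def iter_entries(log_text):
    """Yield parsed entries, skipping blank lines."""
    for line in log_text.splitlines():
        if line.strip():
            yield parse_line(line)


def unique_victims(log_text, start, window=timedelta(hours=48)):
    """Return (total unique IPs, {domain: unique IPs}) for entries in [start, start+window).

    Repeated beacons from the same IP are counted once, which is how a
    "2 million unique internet addresses" figure is derived.
    """
    end = start + window
    all_ips = set()
    per_domain = defaultdict(set)
    for when, ip, domain in iter_entries(log_text):
        if start <= when < end:
            all_ips.add(ip)
            per_domain[domain].add(ip)
    return len(all_ips), {d: len(ips) for d, ips in per_domain.items()}


def hosts_contacting(log_text, watchlist):
    """Return the set of source IPs that contacted any domain in the watchlist.

    Run over an organisation's own DNS or proxy logs, with the watchlist set to
    the sinkholed domains, this is the basic "do I have infected hosts" check.
    """
    return {ip for _, ip, domain in iter_entries(log_text) if domain in watchlist}


if __name__ == "__main__":
    total, by_domain = unique_victims(SAMPLE_LOG, SINKHOLE_START)
    print(f"unique victims in first 48h: {total}")
    for domain, count in sorted(by_domain.items()):
        print(f"  {domain}: {count}")
    print("hosts on watchlist:", sorted(hosts_contacting(SAMPLE_LOG, {"cc2.example.invalid"})))
```

One caveat a practitioner should keep in mind when reading sinkhole counts: a unique source IP is not a unique machine. Many infected hosts behind a single NAT gateway collapse into one address, while a single laptop that roams between networks shows up as several, so the 2 million figure is a proxy for the victim population rather than an exact count.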
