
A giant botnet behind a million malware attacks a month has just closed

A major botnet, which incorporated millions of computers and is associated with more than 80 different malware families, has been taken down in an international cyber operation.

Authorities including the FBI, Europol's European Cybercrime Centre (EC3), the Joint Action Group against Cybercrime, the Lüneburg Central Criminal Investigation Inspectorate in Germany and the European Union's Eurojust agency worked with companies such as Microsoft and ESET to dismantle the botnet built on the Andromeda malware.

The Andromeda malware family, also known as Gamarue, first appeared in September 2011 with the aim of stealing credentials and downloading and installing additional malware on infected systems.

A crime kit sold on the dark web, Gamarue offers a high degree of customization, allowing buyers to build and deploy custom plugins. Notable examples of malicious functionality distributed through the self-service kit include plugins that steal content entered into web forms, and others that let attackers remotely control compromised systems.

The malware became so prolific that it was responsible for infecting more than one million systems around the world every month. Gamarue is distributed in many ways, including via social networks, instant messaging, spam emails, exploit kits and more.

Such was the popularity of Gamarue that the infrastructure behind it spanned 464 distinct botnets, with its command and control servers spread across 1,214 domains and IP addresses.

But on November 29, 2017, the botnet built on Gamarue was dismantled in a joint operation by law enforcement agencies and cybersecurity companies.


ESET researchers identified the servers running the malicious network and built a bot that could communicate with the Gamarue command and control (C&C) servers. Using it, ESET and Microsoft were able to track and identify the C&C servers over the course of 18 months. That information was then used to take down all of the domains the cybercriminals were using as C&C servers.

German police worked with the FBI and European authorities on the investigation into the botnet, which culminated in its dismantling at the end of November and the arrest of a suspect in Belarus.

"This is another example of international law enforcement working together with industry partners to tackle the most significant cybercriminals and the dedicated infrastructure they use to distribute malware on a global scale," said Steven Wilson, head of Europol's European Cybercrime Centre. "The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us."

A sinkholing operation was deployed against more than a thousand domains used by the malware, identifying two million IP addresses of Andromeda victims across 223 countries.

The sinkholing measures have been extended for at least another year, as authorities say that 55 percent of the systems infected by Avalanche are still infected.

Gamarue was also used as part of the Avalanche malware network, which was dismantled almost exactly a year earlier in an international operation.

Recent and related coverage

This ransomware propagation bot will now also capture your desktop

A new payload included in Necurs botnet attacks allows those running malicious campaigns to verify whether they are working and to refine them.

Big bad botnets: 9 things you should know

Still hearing about botnets but not sure what they are or how big and bad they can be? Then take a look at this 60-second breakdown.
