Authorities Take Down Andromeda Botnet

The Federal Bureau of Investigation (FBI) and law enforcement agencies in Europe managed to dismantle the Andromeda botnet last week.
Also known as Gamarue, the Andromeda malware has been around since 2011 and was used to ensnare infected computers into a botnet. The main purpose of this network of infected machines was to distribute other malware families, including the Dridex banking Trojan and the point-of-sale (PoS) malware GamaPoS.
In a FortiGuard Labs report detailing the top 5 methods used to attack healthcare in Q4 2016, Andromeda emerged as the top botnet.
Packing a loader that features virtual machine and debugger evasion techniques, Andromeda downloads modules and updates from its command and control (C&C) server. Associated overall with 80 malware families, the threat was detected or blocked on an average of over 1 million computers every month for the past six months.
The takedown, a joint effort from the FBI, the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), Eurojust, and private-sector partners, was performed on November 29.
The operation was the result of information gathered following last year's shutdown of a large criminal network known as Avalanche, a platform used for mass global malware attacks and money mule recruiting. Andromeda was also distributed through the Avalanche network.
“Insights gained during the Avalanche case by the investigating German law enforcement entities were shared, via Europol, with the FBI and supported this year’s investigations to dismantle the Andromeda malware last week,” a Europol announcement reads.
Investigators focused on taking down servers and domains used to spread the Andromeda malware, an effort that resulted in the sinkholing of 1,500 domains. Forty-eight hours of sinkholing captured around 2 million unique Andromeda victim IP addresses from 223 countries.
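The victim figures above come from counting distinct source addresses that hit the sinkholed domains. The following script, added here as an illustration and not part of the original article or of any partner's tooling, shows how a sinkhole operator would triage such hits: it deduplicates repeated beacons from the same host, restricts the count to a 48-hour window, and breaks the result down by country and by sinkholed domain. The log layout and every entry in it are constructed for this example; real sinkhole feeds use their own schemas.

```python
"""Triage of sinkhole hit logs: unique victim IPs per country and per domain.

Added illustration, not code from the original article. The CSV layout and the
sample entries are constructed; real feeds (e.g. from Shadowserver) differ.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, victim source IP, sinkholed domain, country.
# Addresses are from documentation ranges and domains use the reserved .invalid TLD.
SAMPLE_LOG = """\
timestamp,src_ip,domain,country
2017-11-29T10:00:01Z,198.51.100.7,example-c2-a.invalid,DE
2017-11-29T10:00:05Z,198.51.100.7,example-c2-a.invalid,DE
2017-11-29T10:02:13Z,203.0.113.44,example-c2-b.invalid,US
2017-11-29T11:15:00Z,192.0.2.9,example-c2-a.invalid,BY
2017-11-30T09:59:59Z,203.0.113.44,example-c2-a.invalid,US
2017-12-01T12:00:00Z,192.0.2.200,example-c2-b.invalid,FR
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_hits(text):
    """Yield (datetime, src_ip, domain, country) tuples from CSV text."""
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.strptime(row["timestamp"], TS_FORMAT)
        yield ts, row["src_ip"], row["domain"], row["country"]


def summarize(text, start, window_hours=48):
    """Count unique victim IPs seen in [start, start + window) and group them
    by country and by sinkholed domain.

    Repeated beacons from one IP are deduplicated so totals reflect hosts, not
    callbacks. Per-domain buckets may overlap (one host can contact several
    sinkholed domains), so their sum can exceed the unique total.
    """
    start_ts = datetime.strptime(start, TS_FORMAT)
    end_ts = start_ts + timedelta(hours=window_hours)
    seen = set()
    by_country = defaultdict(set)
    by_domain = defaultdict(set)
    for ts, ip, domain, cc in parse_hits(text):
        if not (start_ts <= ts < end_ts):
            continue  # outside the sinkholing window being reported on
        seen.add(ip)
        by_country[cc].add(ip)
        by_domain[domain].add(ip)
    return {
        "unique_ips": len(seen),
        "countries": len(by_country),
        "per_country": {cc: len(ips) for cc, ips in by_country.items()},
        "per_domain": {d: len(ips) for d, ips in by_domain.items()},
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, "2017-11-29T00:00:00Z")
    print(f"{report['unique_ips']} unique victim IPs from {report['countries']} countries")
    for domain, n in sorted(report["per_domain"].items()):
        print(f"  {domain}: {n} hosts")
```

Note that the per-domain counts overlap by design: a host that beaconed to two sinkholed domains is counted under both, which is why the headline figure should always be taken from the deduplicated `unique_ips` set rather than from summing per-domain totals.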
The takedown operation also included the search and arrest of a suspect in Belarus.
The investigators also decided to extend the sinkhole measures of the Avalanche case for another year, as globally 55% of the computers originally infected in Avalanche continue to be infected.
The measures to combat Andromeda and Avalanche involved the following countries: Austria, Belgium, Finland, France, Italy, the Netherlands, Poland, Spain, the United Kingdom, Australia, Belarus, Canada, Montenegro, Singapore, and Taiwan.
Private and institutional partners involved in the takedown include: Shadowserver Foundation, Microsoft, Registrar of Last Resort, Internet Corporation for Assigned Names and Numbers (ICANN) and associated domain registries, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), and the German Federal Office for Information Security (BSI). 
“This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale. The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us,” Steven Wilson, the Head of Europol’s European Cybercrime Centre, said.
Related: Global Police Smash Huge Online Crime Network: Europol
Related: These Were the Top Threats Targeting Healthcare Firms in Q4 2016