A giant botnet behind one million malware attacks a month just got shut down

A major botnet operation incorporating millions of PCs and associated with over 80 different malware families has been taken down in an international cyber operation.
Authorities including the FBI, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force, the Luneburg Central Criminal Investigation Inspectorate in Germany and the European Union’s Eurojust agency worked with private partners including Microsoft and ESET to dismantle the Andromeda botnet.
Also known as Gamarue, the Andromeda malware family was created in September 2011 with the purpose of stealing credentials and downloading and installing additional malware onto infected systems.
Sold as a crime kit on the dark web, Gamarue offers a high level of customisation, allowing buyers to build and deploy their own plugins. Notable examples of malicious activity distributed through the self-service kit include a plugin that steals content entered into web forms and another that allows attackers to control compromised systems.
The malware grew to be so prolific that it’s responsible for infecting over one million systems around the world every month, with Gamarue distributed in all manner of ways, including through social media, instant messaging, spam emails, exploit kits and more.
Such is the popularity of Gamarue that the Avalanche botnet spun off into 464 distinct botnets, with 1,214 domains and IP addresses acting as command and control servers.
But on 29 November 2017, the botnet was dismantled in a joint operation by law enforcement agencies and cyber security companies.
The servers running the malicious network were identified by ESET researchers, who built a bot that communicated with the Gamarue command and control servers. Using it, ESET and Microsoft were able to track and identify the C&C servers over the course of 18 months. That information was then used to carry out the takedown of all the domains the cybercriminals used as C&C servers.
German law enforcement worked with the FBI and European authorities on investigations into the botnet, ultimately culminating in its dismantling at the end of November and the arrest of a suspect in Belarus.

“This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale,” said Steven Wilson, the Head of Europol’s European Cybercrime Centre.
“The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us.”
A sinkholing operation has been deployed against over a thousand domains used by the malicious software, resulting in two million Andromeda victim IP addresses from 223 countries being identified.
The sinkholing measures have been extended for at least another year, as authorities say 55 percent of the systems infected by Avalanche are still infected today.
Andromeda was also used as part of the Avalanche network, which was dismantled almost exactly one year ago in an international operation.