ESET unites with Microsoft and law enforcement agencies to disrupt Gamarue botnets


The worldwide partners took action against servers and domains used to spread the Andromeda malware.

Organizations participating in the Andromeda investigation included the Europol European Cybercrime Center, the FBI, the Luneburg Central Criminal Investigation Inspectorate in Germany, the Joint Cybercrime Action Task Force, Eurojust and private-sector partners.

Additionally, during the operation, law enforcement arrested a man in Belarus who might be the leader of the Andromeda cybercrime gang.

In a separate statement, Europol, quoting Microsoft, said that Andromeda's "main goal was to distribute other malware families" and that the malware and its associated botnet "was associated with 80 malware families and, in the last six months...was detected on or blocked an average of over 1 million machines every month". In absolute terms, Andromeda, linked with 80 malware families, has been detected on or blocked on almost 1.1 million machines per month on average over the past six months.

A crime kit sold on the dark web, Gamarue offers a high degree of customisation, allowing the user to build and deploy custom plugins. Notable examples of malicious functionality distributed through the self-service kit include a plugin that steals content entered into web forms and another that lets attackers control compromised systems. The man arrested in Belarus is also the developer of the Win32/Gamarue HTTP bot, the Windows SMTP Bruter v.1.2.3 and the "Swf-Inj Service", which hijacks web traffic using malware.

Microsoft approached ESET, and together they tracked Gamarue's botnets for a year and a half: it took Microsoft and ESET 18 months to identify the command-and-control communications behind Gamarue and then hand that information to the authorities. However, they did not name the suspect.

"This is another example of worldwide law enforcement working together with industry partners to tackle the most significant cybercriminals and the dedicated infrastructure they use to distribute malware on a global scale".

"This particular threat has been around for several years now and it is constantly reinventing itself - which can make it hard to monitor".

One of the malware families cited was the Avalanche Network, a botnet network that at one stage was responsible for two-thirds of all phishing attacks globally and that was brought down in December 2016 following a four-year investigation by global law enforcement agencies. From there, ESET and Microsoft were able not only to track the botnet but also to locate the aforementioned servers.

More than 1,500 malicious domains used to control the botnet were subject to sinkholing, and all traffic from infected computers was rerouted to less risky sites. "The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us," said Steven Wilson, the Head of Europol's European Cybercrime Centre.

The operation to eliminate the Andromeda botnet also resulted in the sinkholing of 1500 domains used by the malicious software, and in the capture of approximately 2 million unique Andromeda victim IP addresses from 223 countries.

© 2015 ExpressNewsline. All Rights reserved.