ESET unites with Microsoft and law enforcement agencies to disrupt Gamarue botnets

The worldwide partners took action against servers and domains used to spread the Andromeda malware.

Organizations participating in the Andromeda investigation included the Europol European Cybercrime Center, the FBI, the Luneburg Central Criminal Investigation Inspectorate in Germany, the Joint Cybercrime Action Task Force, Eurojust and private-sector partners.

Additionally, during the operation, law enforcement arrested a man in Belarus who might be the leader of the Andromeda cybercrime gang.

In a separate statement, Europol, quoting Microsoft, said that Andromeda's "main goal was to distribute other malware families" and that the malware and associated botnet "was associated with 80 malware families and, in the last six months...was detected on or blocked an average of over 1 million machines every month". Linked with 80 malware families, Andromeda has been detected on or blocked on almost 1.1 million machines every month on average over the past six months.

A crime kit sold on the dark web, Gamarue offers a high level of customisation, allowing the user to build and deploy custom plugins. Notable examples of plugins distributed with the self-service kit include one that steals content entered into web forms and another that lets attackers control compromised systems. The arrested suspect is also the developer of the Win32/Gamarue HTTP bot, the Windows SMTP Bruter v.1.2.3 and the "Swf-Inj Service" that hijacks web traffic using malware.

Microsoft approached ESET and together they tracked Gamarue's botnets for a year and a half. Over those 18 months, Microsoft and ESET identified the command and control communications behind Gamarue and then provided that information to the authorities. However, they did not name the suspect.

"This is another example of worldwide law enforcement working together with industry partners to tackle the most significant cybercriminals and the dedicated infrastructure they use to distribute malware on a global scale".

"This particular threat has been around for several years now and it is constantly reinventing itself - which can make it hard to monitor".

One of the malware families cited was the Avalanche Network, a botnet network that at one stage was responsible for two-thirds of all phishing attacks globally and that was brought down following a four-year investigation by global law enforcement agencies in December 2016. From there, ESET and Microsoft were able not only to track the botnet but also to locate the aforementioned servers.

More than 1,500 malicious domains used to control the botnet were subject to sinkholing, and all traffic from infected computers was rerouted to less risky sites. "The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us," said Steven Wilson, the Head of Europol's European Cybercrime Centre.

The operation to eliminate the Andromeda botnet also resulted in the sinkholing of 1,500 domains used by the malicious software, as well as the capture of approximately 2 million unique Andromeda victim IP addresses from 223 countries.

© 2015 ExpressNewsline. All Rights reserved.