December 5, 2017 by

FBI, Europol Put an End to Andromeda Botnet Menace

An international contingent of law-enforcement agencies has conclusively struck a blow to the massive Andromeda malware botnet, one of the longest-running malware families in existence.

Andromeda, a malware propagator whose main task was to distribute other malware, is associated with at least 80 malware families and has been detected or blocked on an average of over 1 million machines every month. The malware dispenser has been active since at least 2011 and enslaved machines into a botnet to spread its attacks. Andromeda, aka Gamarue or Wauchos, is known for stealing credentials from victims as well as downloading and installing malware programs onto users’ systems, including spam bots.

Now, a sweeping law enforcement operation involving the FBI, the Lüneburg Central Criminal Investigation Inspectorate in Germany and Europol’s European Cybercrime Centre (EC3), among others, has taken action against the servers and domains used to spread the malware.

Authorities sinkholed over 1,500 of the malware’s domains, an action wherein traffic between infected computers and a criminal infrastructure is redirected to servers controlled by law enforcement authorities and/or an IT security company. An analysis by Microsoft revealed that during 48 hours of sinkholing, some 2 million unique Andromeda victim IP addresses from 223 countries were captured. Further, the investigation led to the search and arrest of a suspect in Belarus.

Europol’s European Cybercrime Centre chief Steven Wilson said:

This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale. The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us.

Image credit: Pixabay.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
