December 5, 2017

FBI, Europol Put an End to Andromeda Botnet Menace

An international contingent of law-enforcement agencies has conclusively struck a blow to the massive Andromeda malware botnet, one of the longest-running malware families in existence.

Andromeda, a malware propagator whose main task was to distribute other malware, is associated with at least 80 malware families and has been detected or blocked on an average of over 1 million machines every month. The malware dispenser has been active since at least 2011 and enslaved machines into a botnet to spread its attacks. Andromeda, aka Gamarue or Wauchos, is known for stealing credentials from victims as well as downloading and installing malware programs onto users’ systems, including spam bots.

Now, a sweeping law enforcement operation involving the FBI, the Lüneburg Central Criminal Investigation Inspectorate in Germany and Europol’s European Cybercrime Centre (EC3), among others, has taken action against servers and domains used to spread the malware.

Authorities sinkholed over 1500 domains used by the malware. Sinkholing is an action wherein traffic between infected computers and a criminal infrastructure is redirected to servers controlled by law enforcement authorities and/or an IT security company. An analysis by Microsoft revealed that during 48 hours of sinkholing, some 2 million unique Andromeda victim IP addresses from 223 countries were captured. Further, the investigation led to the search and arrest of a suspect in Belarus.
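The following is an added illustration, not code from the article or from any of the agencies or vendors it names, of the sinkholing mechanism described above at the DNS layer: queries for domains on a takedown list are answered with a sinkhole address instead of the real one, and each redirected query is logged so the operator can enumerate infected hosts, which is how a count like “2 million unique victim IP addresses” is produced. All domain names, IP addresses and queries below are constructed placeholders (RFC 5737 documentation ranges), not real Andromeda infrastructure.

```python
"""
Added example: a minimal DNS sinkhole model.

Queries for a domain on the takedown list (or any of its subdomains) are
answered with the sinkhole address and the querying host is logged; other
names resolve as usual. All names and addresses are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address
from typing import Optional

# Constructed takedown list: hypothetical C2 domains, not real ones.
SINKHOLED_DOMAINS = {"update-check.example", "cdn-stat.example.net"}
SINKHOLE_IP = "192.0.2.53"  # stands in for the law-enforcement / vendor sinkhole server

# Constructed upstream answers the resolver would otherwise return.
UPSTREAM = {
    "update-check.example": "198.51.100.7",
    "cdn-stat.example.net": "198.51.100.9",
    "www.example.org": "203.0.113.10",
}

# Constructed query traffic: (client IP, queried name).
SAMPLE_QUERIES = [
    ("10.0.0.5", "Update-Check.example."),          # case and trailing dot must not matter
    ("10.0.0.6", "beacon.update-check.example"),    # subdomain of a sinkholed domain
    ("10.0.0.5", "update-check.example"),           # repeat beacon from the same host
    ("10.0.0.9", "cdn-stat.example.net"),
    ("10.0.0.7", "www.example.org"),                # benign traffic passes through
    ("10.0.0.7", "nope.invalid"),                   # unknown name
]


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so matching is format-insensitive."""
    return name.rstrip(".").lower()


def sinkholed_base(name: str) -> Optional[str]:
    """Return the takedown-list domain that `name` equals or falls under, else None."""
    for base in SINKHOLED_DOMAINS:
        if name == base or name.endswith("." + base):
            return base
    return None


def resolve(client_ip: str, qname: str, log: list) -> str:
    """Answer one query; sinkholed names get SINKHOLE_IP and the client is logged."""
    name = normalize(qname)
    base = sinkholed_base(name)
    if base is not None:
        log.append((client_ip, base))
        return SINKHOLE_IP
    return UPSTREAM.get(name, "0.0.0.0")  # "0.0.0.0" stands in for NXDOMAIN


def victims_by_domain(log) -> dict:
    """Unique client IPs per sinkholed domain, sorted numerically."""
    out = defaultdict(set)
    for client_ip, base in log:
        out[base].add(client_ip)
    return {base: sorted(ips, key=ip_address) for base, ips in out.items()}


def run_sample() -> dict:
    """Replay the constructed traffic and build the operator's report."""
    log = []
    answers = [resolve(ip, q, log) for ip, q in SAMPLE_QUERIES]
    victims = victims_by_domain(log)
    unique = {ip for ips in victims.values() for ip in ips}
    return {"answers": answers, "victims": victims, "unique_victims": len(unique)}


if __name__ == "__main__":
    report = run_sample()
    for base, ips in sorted(report["victims"].items()):
        print(f"{base}: {len(ips)} infected host(s): {', '.join(ips)}")
    print(f"unique victims: {report['unique_victims']}")
```

Note that the repeat beacon from 10.0.0.5 is logged twice but counted once, and that a subdomain match is attributed to its sinkholed parent domain; both details matter when turning raw sinkhole logs into a victim count.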

Europol’s European Cybercrime Centre chief Steven Wilson said:

This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale. The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us.

Image credit: Pixabay.

About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
