An international contingent of law-enforcement agencies has conclusively struck a blow to the massive Andromeda malware botnet, one of the longest-running malware families in existence.
Andromeda, a malware propagator whose main task was to distribute other malware, is associated with at least 80 malware families and has been detected or blocked on an average of over 1 million machines every month. The malware dispenser has been active since at least 2011 and enslaved infected machines into a botnet used to spread its attacks. Andromeda, aka Gamarue or Wauchos, is known for stealing credentials from victims as well as downloading and installing other malware programs, including spam bots, onto users’ systems.
Now, a sweeping law enforcement operation involving the FBI, the Luneburg Central Criminal Investigation Inspectorate in Germany and Europol’s European Cybercrime Centre (EC3), among others, has taken action against the servers and domains used to spread the malware.
Authorities sinkholed over 1500 of the malware’s domains; sinkholing is an action in which traffic between infected computers and a criminal infrastructure is redirected to servers controlled by law enforcement authorities and/or an IT security company. An analysis by Microsoft revealed that during 48 hours of sinkholing, some 2 million unique Andromeda victim IP addresses from 223 countries were captured. Further, the investigation led to the search and arrest of a suspect in Belarus.
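The victim counts in the paragraph above come from analysing what the sinkhole servers record: every infected machine that tries to reach the seized domains connects to the sinkhole instead, and its source address is logged. The following added example (not code from the article or from any of the agencies or companies it names) shows how such a log is turned into a count of unique victim IPs, overall and per country, inside a fixed observation window. The log format, the domain names and the country field are all constructed for the example; a real deployment would derive the country from a GeoIP lookup on the client address.

```python
"""Aggregate sinkhole connection logs into unique victim IPs per country.

Added illustration, not code from the original article. Assumes a simple,
constructed log format, one connection per line:
    <ISO-8601 timestamp> <client IP> <requested domain> <ISO country code>
The country is a constructed field here so the example runs offline.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import ipaddress

# Constructed sample log lines; the domains are placeholders, not real IoCs.
SAMPLE_LOG = """\
2017-12-04T00:00:01Z 203.0.113.7 c2-placeholder-1.example BY
2017-12-04T00:05:13Z 203.0.113.7 c2-placeholder-2.example BY
2017-12-04T01:12:44Z 198.51.100.23 c2-placeholder-1.example DE
2017-12-04T02:00:00Z 192.0.2.99 c2-placeholder-1.example US
2017-12-04T02:00:00Z not-an-ip c2-placeholder-1.example US
2017-12-06T00:00:02Z 198.51.100.77 c2-placeholder-2.example DE
"""

# Start of the constructed 48-hour observation window (UTC).
WINDOW_START = datetime(2017, 12, 4, tzinfo=timezone.utc)


def parse_line(line):
    """Return (timestamp, ip, domain, country), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts_text, ip_text, domain, country = parts
    try:
        # fromisoformat() accepts a "+00:00" offset on every supported version.
        ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
        ip = ipaddress.ip_address(ip_text)  # rejects garbage in the IP column
    except ValueError:
        return None
    return ts, ip, domain, country


def summarize(log_text, start, window=timedelta(hours=48)):
    """Count unique victim IPs overall and per country within [start, start+window).

    Repeated connections from the same address (a bot polling several seized
    domains) count once, which is what "unique victim IP" means.
    """
    end = start + window
    seen = set()
    per_country = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole run
        ts, ip, _domain, country = rec
        if not (start <= ts < end):
            continue
        seen.add(ip)
        per_country[country].add(ip)
    return {
        "unique_victims": len(seen),
        "countries": len(per_country),
        "per_country": {c: len(ips) for c, ips in sorted(per_country.items())},
    }


def summarize_sample():
    """Run the aggregation over the constructed sample log."""
    return summarize(SAMPLE_LOG, WINDOW_START)


if __name__ == "__main__":
    print(summarize_sample())
```

On the constructed input the first two lines collapse to one victim, the malformed line is dropped, and the last line falls outside the 48-hour window, so the summary reports 3 unique victims across 3 countries. Deduplicating on the source address is also the source of the usual caveat with sinkhole figures: machines behind carrier-grade NAT are undercounted, and hosts with changing addresses are overcounted.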
Europol’s European Cybercrime Centre chief Steven Wilson said:
This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale. The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us.
Image credit: Pixabay.