Arrest made over Andromeda botnet following operation involving the FBI, Europol and other authorities working with cyber security companies.
A major botnet operation incorporating millions of PCs and associated with over 80 different malware families has been taken down in an international cyber operation.
Authorities including the FBI, Europol’s European Cybercrime centre (EC3), the Joint Cybercrime Action Task Force, the Luneburg Central Criminal Investigation Inspectorate in Germany and the European Union’s Eurojust agency worked with private partners including Microsoft and ESET in order to dismantle the Andromeda botnet.
Also known as Gamarue, the Andromeda malware family was created in September 2011 with the purpose of stealing credentials and downloading and installing additional malware onto infected systems.
A crime-kit sold on the dark web, Gamarue offer high levels of customisation, allowing the user to build and deploy custom plugins – notable examples of malicious activity distributed using the self-service kit include building plugins to steal content entered into web forms while another allows attackers to control compromised systems.
The malware grew to be so prolific that it’s responsible for infecting over one million systems around the world every month, with Gamarue distributed in all manner of ways, including through social media, instant messaging, spam emails, exploit kits and more.
Such is the popularity of of Gamarue, the avalanche botnet spun off into 464 distinct botnets across 1,214 domains and IP addresses acting as the command and control servers.
But on 29 November 2017, the botnet was dismantled in a joint operation by law enforcement agencies and cyber security companies.
To read the original article: