
Andromeda botnet dismantled in international cyber operation


On 29 November 2017, the Federal Bureau of Investigation (FBI), in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol's European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), Eurojust and private-sector partners, dismantled Andromeda (also known as Gamarue), one of the longest-running malware families in existence.

This widely distributed malware created a network of infected computers called the Andromeda botnet[1]. According to Microsoft, Andromeda's main purpose was to distribute other malware families: it was associated with 80 malware families and, in the last six months, was detected on or blocked on an average of over 1 million machines every month. Andromeda was also distributed through the infamous Avalanche network, which was dismantled in 2016.

Steven Wilson, the Head of Europol’s European Cybercrime Centre: “This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale. The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us.”

One year ago, on 30 November 2016, after more than four years of investigation, the Public Prosecutor’s Office Verden and the Luneburg Police in Germany, the United States Attorney’s Office for the Western District of Pennsylvania, the Department of Justice, the FBI, Europol, Eurojust and global partners, had dismantled the international criminal infrastructure Avalanche. This was used as a delivery platform to launch and manage mass global malware attacks such as Andromeda, and money mule recruitment campaigns.

Insights gained during the Avalanche case by the investigating German law enforcement entities were shared, via Europol, with the FBI and supported this year’s investigations to dismantle the Andromeda malware last week.

Jointly, the international partners took action against the servers and domains used to spread the Andromeda malware. In total, 1,500 domains used by the malicious software were sinkholed[2]. According to Microsoft, during 48 hours of sinkholing, approximately 2 million unique Andromeda victim IP addresses from 223 countries were captured. The law enforcement authorities involved also executed a search and arrested a suspect in Belarus.

Simultaneously, the German sinkhole measures of the Avalanche case have been extended by another year. An extension of this measure was necessary, as globally 55 per cent of the computer systems originally infected in Avalanche are still infected today.

The measures to combat the malicious Andromeda software as well as the extension of the Avalanche measures involved the following EU Member States: Austria, Belgium, Finland, France, Italy, the Netherlands, Poland, Spain, the United Kingdom, and the following non-EU Member States: Australia, Belarus, Canada, Montenegro, Singapore and Taiwan.

The operation was supported by the following private and institutional partners: Shadowserver Foundation, Microsoft, Registrar of Last Resort, Internet Corporation for Assigned Names and Numbers (ICANN) and associated domain registries, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), and the German Federal Office for Information Security (BSI).

The operation was coordinated from the command post hosted at Europol’s HQ.

[1] Botnets are networks of computers infected with malware, which are under the control of a cybercriminal. Botnets allow criminals to harvest sensitive information from infected computers, such as online banking credentials and credit card information. A criminal can also use a botnet to perform cyberattacks on other computer systems, such as denial-of-service attacks.

[2] Sinkholing is an action whereby traffic between infected computers and a criminal infrastructure is redirected to servers controlled by law enforcement authorities and/or an IT security company. This may be done by taking control of the domains or IP addresses used by the criminals. When applied to 100% of the infrastructure, infected computers can no longer reach the criminal command-and-control systems, and the criminals can therefore no longer control the infected computers. The sinkholing infrastructure captures victims' IP addresses, which can subsequently be used for notification and follow-up through dissemination to national CERTs and network owners.

  • Similar Content

    • By gutui
      Daphne Caruana Galizia's Murder and the Security of WhatsApp
      Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was killed in October by a car bomb.
      Galizia used WhatsApp to communicate with her sources. Now that she is dead, the Maltese police want to break into her phone or the app, and find out who those sources were.
      One journalist writes:
      I am less optimistic than that reporter. The FBI is "assisting" the Maltese police. The article doesn't explain that, but I would not be surprised if they were helping crack the phone.
      It will be interesting to see if WhatsApp's security survives this. My guess is that it depends on how much of the phone was recovered from the bombed car.
      EDITED TO ADD (11/7): The court-appointed IT expert on the case has a record for theft and forgery.
      via Schneier on Security
    • By madckcc
      I have a piece of software that needs to be installed on a lot of PCs.
      If you have a botnet that can install it,
      add me on Skype: Madckcc@hotmail.com
      and we can talk about the price.
      My needs are unlimited as long as you can deliver installs.
    • By fed
      St. Eugene
      Evgeny Bogachev, the hacker from Anapa wanted by the FBI for fraud and for extorting money with the Gameover Zeus botnet, is regarded as a hero by his neighbours and the residents of the resort town. The Telegraph reports this in a special report from the Krasnodar region.
      In early June, working from FBI documents, the British newspaper's correspondents managed to establish Bogachev's presumed address. As it turned out, the US agencies believe his last location was house number 120 on Lermontov Street.
      Journalists sent to this address talked with the locals and found that for most of them the hacker is the model of a clever and talented man.

      Neighbours describe Evgeny Bogachev as a quiet young man who loved to sail on a yacht. Some residents knew of Bogachev's work in the IT sector only from a sticker on his Volvo advertising "repair of computer equipment."
      Seeing their neighbour in a photo from the FBI press release, many refused to consider him a criminal, claiming that Bogachev is in fact a hero and a "nice guy."
      According to Michael, a 23-year-old local resident, he often saw Evgeny Bogachev in the hallway facing the street with his wife and 9-year-old daughter. He considers the hacker a talented young man and thinks his hacking of other people's computers is moral, because he hacked only "enemy computers, not ours, not Russian users'."
      The same view is shared by Vazgen Atanasov, a local taxi driver interviewed by The Telegraph.
      "Great guy. If you consider what the Americans are doing to other people, with his actions he just paid them what they deserved." Vazgen Atanasov, a taxi driver from Anapa
      The law enforcement agencies of the resort town apparently do not intend to take any action to catch the hacker. The representative of the local police station refused to tell The Telegraph whether he had received instructions from his superiors about Evgeny Bogachev. At the same time, speaking on his own behalf, a police officer said that he "would hang a medal on Bogachev."
      The US authorities brought charges of fraud, money laundering and hacking against Evgeny Bogachev at the beginning of June. At the same time, the FBI reported that it had been able to take control of part of the Gameover Zeus botnet created by Bogachev and "free" about 300 thousand computers that were part of it.
      In this, the US law enforcement agencies benefited from collaboration with the Ukrainian police, who in May seized several of the botnet's command servers in Kiev and Donetsk.
      Evgeny Bogachev's botnet worked on the basis of the Zeus trojan he wrote, and for profit it used the Cryptolocker program. With Cryptolocker the hacker could encrypt files on users' computers and demand a ransom for the return of access to them.
      According to the FBI, the victims of Gameover Zeus even included employees of a police station in Massachusetts. To unlock their computers the police paid Bogachev $750. In total, income from Gameover Zeus is estimated at US $100 million.
    • By metasploit2015
      A former programmer for banking firm Goldman Sachs who has been accused of stealing company secrets has filed suit against the FBI agents who arrested him for allegedly violating his constitutional rights.
      Sergey Aleynikov, 45, has been battling it out in the courts ever since his 2009 arrest on charges that he absconded with code from Goldman Sachs' proprietary high-speed trading software, in violation of the federal Economic Espionage Act (EEA).
      He was convicted in 2011 and sentenced to prison time and a fine, but an appeals court later overturned his conviction and ordered his immediate release, saying the EEA didn't apply to the crimes of which he was accused. By that point, Aleynikov had already served 11 months in prison.
      He wasn't out of the woods yet, though. In 2012, Manhattan District Attorney Cyrus Vance filed new charges against Aleynikov on behalf of the state of New York, accusing him of "unlawful use of scientific material" and "unlawfully duplicating computer-related material."
      Aleynikov is due to stand trial on those charges on April 1, but in the meantime he has taken the offensive. Reuters reports that he has sued FBI agents Michael McSwain and Eugene Casey and some other, unnamed agents, on grounds that his arrest and prosecution were both prejudicial and illegal.
      According to the complaint filed in the US District Court of Newark, New Jersey, which was obtained by Bloomberg:
      The unconstitutional malicious prosecution of Aleynikov was designed not to serve the interests of justice but to curry favor with an influential corporation intent on punishing one of its most talented officers who chose to leave the firm and, in the process, sending a message to other employees and prospective employees that Goldman Sachs is willing and able to use the American criminal justice system as its own private enforcement arm.
      The suit alleges that not only were Aleynikov's arrest and the subsequent search of his home unlawful because the agents didn't get warrants, but that the FBI violated Aleynikov's civil rights again when they forwarded evidence to the Manhattan DA's office.
      In December, the judge in Aleynikov's original trial ruled that the property seized during the search of his home – including computers and thumb drives – should have been returned after his conviction was reversed. Instead, it became the basis of the New York State charges.
      Aleynikov's suit against the FBI agents comes just days after he also sued Goldman Sachs in an effort to have the firm advance him his legal fees to defend against a civil suit it filed against him over his alleged code theft.
      Reuters reports that Aleynikov has already incurred more than $3m in court costs related to the civil suit, and he has asked that the case be put on hold pending his upcoming criminal trial.