ESET, Microsoft And World Police Shut Down Andromeda Botnet
ESET, Microsoft And World Police Shut Down Andromeda Botnet

Recently, the well-known security company ESET in a joint collaboration with the tech giant Microsoft and law enforcement agencies – the FBI, Interpol, Europol and other cybersecurity entities – have dropped down one of the largest existing botnets, which had inflicted thousands of casualties since 2011.

ESET, Microsoft And World Police Shut Down Andromeda Botnet

ESET security researchers, in collaboration with the tech giant Microsoft and law enforcement agencies – the FBI, Interpol, Europol and other cybersecurity entities – have dropped down one of the largest existing botnets known as Gamarue (detected by ESET as Win32/TrojanDownloader.Wauchos), which had inflicted thousands of casualties since 2011. According to the data, the botnet Gamarue was responsible for infecting more than 1.1 million systems per day.

What is Gamarue?

This severe botnet was actually created by cybercriminals in September 2011 and sold as a kit on Dark Web in obscure forums, the purpose of the Gamarue family was to steal credentials and install additional malware on users’ systems.

This malware family consists of a configurable bot, allowing its owner to create and use custom plugins. One of these plugins allows the cybercriminal to steal data entered by users into web forms, while others allow criminals to connect to compromised systems and control them.

Its popularity caused several independent Gamarue botnets to appear. The well-known security company, ESET found that malware was distributed around the world through social networking platforms, instant messaging services, removable media, spam and exploit kits.

Image Source: WeLiveSecurity
Image Source: WeLiveSecurity

How did ESET and Microsoft gather information?

Using the well-known security company ESET’s Threat Intelligence service, its researchers were able to create a bot capable of communicating with the C & C threat server. In this way, the well-known security company ESET and the tech giant Microsoft closely followed the Gamarue botnets over the last year and a half, identifying their C & C servers and monitoring what was installed on the victims’ systems. The two companies have thus compiled a list of all domains used by cybercriminals as C & C servers.

In the past, Wauchos was the most-detected malware family among ESET users, so when they were approached by the tech giant Microsoft to engage in a joint threat effort to better protect our users and the general public they obviously agreed.

This particular threat has existed for several years and is constantly reinventing itself – making it difficult to monitor it. But thanks to the well-known security company ESET’s Threat Intelligence and collaboration with the tech giant Microsoft researchers, they have been able to keep up with changes in malware behaviour, and thus provide data that has proven crucial in these efforts

What should users do if they suspect that their systems have been compromised?

Traditionally, cybercriminals have used Gamarue malware to steal credentials from home users’ websites through a forms swipe plugin. However, the well-known security company ESET researchers have recently found that malware has also been used to install multiple spam bots on compromised machines in a pay-per-install scheme.

The security company ESET advises users to suspect that their Windows system may be compromised to use the ESET Online Scanner, which removes any threats, including the Gamarue, found in the system. To learn about a more complex way of protecting your botnet devices, please visit the dedicated ESET website.

So, what do you think about this dangerous Botnet? Simply share your views and thoughts in the comment section below.



AUTHOR