Task force silences massive Andromeda botnet

The botnet is thought to have spewed malware from two million infected devices

A massive botnet responsible for spreading malware using a two million-strong army of infected devices has finally been taken down by a joint task force of police agencies and private companies.

Thought to have been one of the largest ever discovered, the Andromeda botnet has been associated with 80 different malware families, and in the last six months alone, was detected or blocked on an average of one million devices every month.

Advertisement - Article continues below

The botnet was stopped by a joint task force comprising agents from the FBI, Europol's European Cybercrime Centre (EC3), Eurojust, the Joint Cybercrime Action Task Force (J-CAT), and a number of private organisations, including Microsoft.

Praising the cooperation between private and public organisations, Steven Wilson, head of EC3, said: "This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale.

"The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us.

The Andromeda botnet is also thought to have been deployed by the now infamous Avalanche malware network, which was used to spread Trojans to German speakers in Germany, Austria and Switzerland in an attempt to extort money. That network was eventually taken down by the Luneburg Police in cooperation with the FBI, Eurojust, and Europol in late 2016.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Insights gained during the Avalanche investigation by local police agencies in Germany were instrumental in dismantling the Andromeda botnet, according to Europol. More than 1,500 domains carrying the Andromeda malware were subject to "sinkholing", a technique that redirects traffic between infected devices to servers controlled by the investigators.

Microsoft found that during a 48-hour sinkholing window, around two million unique Andromeda IP addresses were logged from 223 different countries, including the UK, France, Belgium, Italy, Spain, and non-EU states such as Australia, Canada and Singapore.

The investigation has led to the arrest of an individual in Belarus, but information on the suspect hasn't been released.

While the closure of the botnet is a significant victory for law enforcement agencies and those working to curb the effect of the highly lucrative malware industry, the threat has not been entirely removed.

Although the Avalanche network has now been down for almost a year, it's thought that as many as 55% of those devices originally infected are still infected today. It's likely that the residual effects of the Andromeda botnet will still be felt for some years to come.

Advertisement - Article continues below

There's also the issue of the remaining botnets still out there, including the recently discovered Reaper network, which managed to infect up to 10,000 devices in a single day.

Security researchers have also attempted to curb the spread of the infamous Mirai botnet, following a successful attack on the Dyn server network last year, and a 54-hour DDoS storm against a US college in March, however efforts to introduce a software fix for IoT devices have so far failed. 

Image: Bigstock

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/policy-legislation/data-protection/356344/eu-institutions-warned-against-purchasing-any-further
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020