Polymorphic Botnet Beebone Brought Down By US and European Authorities
A number of US and European agencies, in association with various security software firms, have managed to put an end to an elusive botnet called Beebone that had infected thousands of computers across the world. A majority of Beebone victims were from the United States, followed by Japan, India and Taiwan. European agencies obtained 205,000 samples from 23,000 systems in the past two years to learn more about the botnet, which could not be detected by off-the-shelf antivirus software due to its polymorphic nature. The Beebone botnet earned its polymorphic nature from its downloader worm, named W32/Worm-AAEH, which updated itself up to 19 times a day. The botnet also relied on a pair of programs that downloaded each other every day in case one of them got removed by a user's antivirus program. Once the botnet infected a system it blocked connections between the system and the antivirus company's website, preventing the security software from downloading virus signature updates.
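The last sentence describes a host-level technique: pinning security-vendor domains to a dead address so the product can never fetch updates. One place that shows up is the local hosts file, and a defender can audit it. The following is an added example, not code from the article or from any of the vendors named; the vendor domain list, the hosts-file content and the classification labels are all constructed for illustration.

```python
"""Audit hosts-file text for entries that pin security-vendor domains to a
bogus address, cutting a machine off from signature updates.
Added example; the vendor suffixes and SAMPLE_HOSTS are constructed."""
import ipaddress

# Hypothetical list of domains an organisation's security tooling must reach.
SECURITY_VENDOR_SUFFIXES = (
    "kaspersky.com",
    "mcafee.com",
    "symantec.com",
    "microsoft.com",
)

# Constructed hosts-file content: one benign line, three tampered ones,
# one unrelated pinned host, and a comment.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 update.kaspersky.com
0.0.0.0   download.mcafee.com liveupdate.symantec.com
93.184.216.34 www.example.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments
    and blank lines; a line may list several hostnames for one address."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        for name in names:
            yield ip, name.lower()


def is_vendor_host(hostname, suffixes=SECURITY_VENDOR_SUFFIXES):
    """True if hostname is one of the vendor domains or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)


def find_blocked_vendor_entries(text, suffixes=SECURITY_VENDOR_SUFFIXES):
    """Return (ip, hostname, label) for every vendor domain pinned in the
    hosts file. A vendor domain should never appear there at all, so any
    hit is reported; loopback, unspecified or private targets are labelled
    'blackholed', anything else 'pinned'."""
    findings = []
    for ip, name in parse_hosts(text):
        if not is_vendor_host(name, suffixes):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable"))
            continue
        if addr.is_loopback or addr.is_unspecified or addr.is_private:
            findings.append((ip, name, "blackholed"))
        else:
            findings.append((ip, name, "pinned"))
    return findings


if __name__ == "__main__":
    for ip, name, label in find_blocked_vendor_entries(SAMPLE_HOSTS):
        print(f"{label:11} {name} -> {ip}")
```

The check is deliberately strict: the hosts file of a managed endpoint has no legitimate reason to carry an entry for a security vendor, so the finding is raised on the domain match and the address type only refines the label. On a real machine, feed it the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts` and compare against the domain list your own products actually use.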
Since security software makers were finding it hard to identify and blacklist the numerous iterations of Beebone, they employed a tactic called sinkholing to end its menace. Sinkholing is the process of taking control of all the domain names and IP addresses that act as the command-and-control network of the botnet. The cyber experts from Europol also set up their own command network to redirect any traffic from the computers that were already infected with Beebone. This not only prevented the spread of Beebone to other computers but also helped the agency identify victims. Europol is collecting information about affected systems and sending it to Internet Service Providers and Computer Emergency Response Teams, who are responsible for informing the victims about the infection.
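The victim-identification step works because every infected machine keeps calling home to the seized domains, so each source address in the sinkhole's connection log is a probable victim, and the log can be turned into per-network notification lists for ISPs and CERTs. The code below is an added example, not Europol's or Shadowserver's tooling; the log format, the C2 hostnames, the address prefixes and the owner contacts are all constructed.

```python
"""Triage sinkhole connection logs into per-network victim lists.
Added example; SAMPLE_SINKHOLE_LOG, the key=value line format and
PREFIX_OWNERS are constructed stand-ins for real sinkhole logs and an
ASN/WHOIS lookup."""
import ipaddress
import re
from collections import defaultdict

# Constructed log lines in a hypothetical key=value sinkhole format,
# including one malformed line that must be skipped.
SAMPLE_SINKHOLE_LOG = """\
2015-04-09T10:00:01Z src=203.0.113.5 dport=80 host=c2-a.invalid
2015-04-09T10:00:02Z src=203.0.113.5 dport=80 host=c2-b.invalid
2015-04-09T10:00:05Z src=198.51.100.77 dport=443 host=c2-a.invalid
2015-04-09T10:01:09Z src=192.0.2.200 dport=80 host=c2-a.invalid
2015-04-09T10:01:10Z malformed line that should be skipped
2015-04-09T10:02:00Z src=203.0.113.9 dport=80 host=c2-b.invalid
"""

# Constructed prefix-to-owner table standing in for an ASN/WHOIS lookup.
PREFIX_OWNERS = {
    ipaddress.ip_network("203.0.113.0/24"): "isp-alpha-abuse@example.invalid",
    ipaddress.ip_network("198.51.100.0/24"): "cert-beta@example.invalid",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) host=(?P<host>\S+)$"
)


def parse_sinkhole_log(text):
    """Yield (timestamp, source address, c2 hostname); unparseable lines
    and invalid addresses are dropped rather than aborting the run."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue
        yield m["ts"], src, m["host"]


def owner_for(addr):
    """Map a source address to the contact responsible for its prefix."""
    for net, owner in PREFIX_OWNERS.items():
        if addr in net:
            return owner
    return "unknown"


def build_notifications(text):
    """Return {owner: {ip: {"first_seen", "hits", "domains"}}}, one entry
    per distinct infected address, grouped by who should be notified."""
    report = defaultdict(dict)
    for ts, src, host in parse_sinkhole_log(text):
        victims = report[owner_for(src)]
        entry = victims.setdefault(
            str(src), {"first_seen": ts, "hits": 0, "domains": set()}
        )
        entry["hits"] += 1
        entry["domains"].add(host)
    return dict(report)


if __name__ == "__main__":
    for owner, victims in build_notifications(SAMPLE_SINKHOLE_LOG).items():
        print(owner)
        for ip, info in sorted(victims.items()):
            print(f"  {ip}  first seen {info['first_seen']}  "
                  f"hits={info['hits']}  domains={sorted(info['domains'])}")
```

Grouping by prefix owner rather than by address is what makes the hand-off in the article workable: each ISP or CERT receives only the addresses it can act on, with first-seen time and hit count so it can prioritise persistently beaconing hosts. Addresses that fall outside the lookup table land in an "unknown" bucket rather than being silently dropped.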
The agencies involved in this mission were Europol's European Cybercrime Centre (EC3), the Joint Cybercrime Action Taskforce (J-CAT), Dutch authorities, the FBI, the National Cyber Investigative Joint Task Force from the US, and cyber security firms such as Intel Security, Kaspersky and Shadowserver.
Source: #-Link-Snipped-# via #-Link-Snipped-#