Polymorphic Botnet Beebone Brought Down By US and European Authorities

A bunch of US and European agencies, in association with various security software firms, have managed to put an end to an elusive botnet called Beebone that had infected thousands of computers across the world. A majority of Beebone victims were from the United States, followed by Japan, India and Taiwan. European agencies obtained 205,000 samples from 23,000 systems in the past two years to learn more about the botnet, which could not be detected by off-the-shelf antivirus software due to its polymorphic nature. Beebone earned its polymorphic nature from its downloader worm, named W32/Worm-AAEH, which updated itself up to 19 times a day. The botnet also relied on a pair of programs that downloaded themselves every day in case one of them got the boot from a user’s antivirus program. Once the botnet infected a system, it managed to block connections between the system and the antivirus company's website to prevent the security software from downloading virus signature updates.

Since security software makers were finding it hard to identify and blacklist the numerous iterations of Beebone, they employed a tactic called sinkholing to end its menace. Sinkholing is the process of taking control of all the domain names and IP addresses that act as the command and control network of the botnet. The cyber experts from Europol also set up their own command network to redirect any traffic from the computers that were already infected with Beebone. This not only prevented the spread of Beebone to other computers but also helped the agency identify victims. Europol is collecting information about affected systems and sending it to Internet Service Providers and Computer Emergency Response Teams, who will be responsible for informing the victims about the infection.
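How sinkhole traffic can be turned into the victim lists sent to ISPs and CERTs, as an added example that is not part of the original article or any agency's tooling. The log format, domain names, address ranges and contact addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (assumed format: timestamp, source IP, requested host).
SINKHOLE_LOG = """\
2020-01-01T08:00:01Z 198.51.100.23 c2-seized-1.example
2020-01-01T08:00:07Z 203.0.113.77 c2-seized-2.example
2020-01-01T08:03:12Z 198.51.100.23 c2-seized-1.example
2020-01-01T08:05:40Z 192.0.2.14 c2-seized-1.example
2020-01-01T08:06:02Z not-an-ip c2-seized-1.example
2020-01-01T08:09:55Z 203.0.113.9 unrelated.example
"""
# Hypothetical seized C2 domains that now resolve to the sinkhole.
SEIZED_DOMAINS = {"c2-seized-1.example", "c2-seized-2.example"}
# Hypothetical prefix-to-contact table (ISP abuse desks, national CERTs).
NETWORK_OWNERS = {
    ipaddress.ip_network("198.51.100.0/24"): "abuse@isp-a.example",
    ipaddress.ip_network("203.0.113.0/24"): "cert@national-cert.example",
}

def parse_line(line):
    """Return (timestamp, ip) for a valid hit on a seized domain, else None."""
    try:
        ts, src, host = line.split()     # wrong field count raises ValueError
        ip = ipaddress.ip_address(src)   # malformed address raises ValueError
    except ValueError:
        return None                      # never report an unparseable line
    return (ts, ip) if host.lower() in SEIZED_DOMAINS else None

def owner_for(ip):
    """Longest-prefix match of an address against the contact table."""
    matches = [n for n in NETWORK_OWNERS if ip in n]
    best = max(matches, key=lambda n: n.prefixlen, default=None)
    return NETWORK_OWNERS.get(best, "unassigned")

def build_reports(log_text):
    """Group unique victim IPs by responsible contact with first/last seen."""
    reports = defaultdict(dict)
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        ts, ip = hit
        rec = reports[owner_for(ip)].setdefault(
            str(ip), {"first_seen": ts, "last_seen": ts, "hits": 0})
        # Same-format ISO 8601 UTC timestamps sort correctly as strings.
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
        rec["hits"] += 1
    return dict(reports)
```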

The agencies involved in this mission were Europol’s European Cybercrime Centre (EC3), Joint Cybercrime Action Taskforce (J-CAT), Dutch authorities, FBI, National Cyber Investigative Joint Task Force from the US and cyber security firms like Intel Security, Kaspersky and Shadowserver.
