Malware-delivery botnet Andromeda bites the dust
An international cyberoperation involving law enforcement agencies and private sector partners has dismantled Andromeda (aka Gamarue), one of the longest-running malware families in existence, according to a Europol press release.
Andromeda was associated with 80 malware families and, within the last six months, was detected or blocked on more than 1 million machines monthly, on average.
The widely distributed malware created a network of infected computers called the Andromeda botnet, whose chief purpose was to distribute other malware families.
The botnet allowed criminals to harvest sensitive information — such as online banking credentials and credit card information — from infected computers.
Andromeda was distributed by the Avalanche network, which also recruited money mules. Avalanche was dismantled in a huge international cyberoperation in 2016, the release said.
The international partners took action against servers and domains used to spread the Andromeda malware. In all, 1,500 domains of the malicious software were subject to sinkholing — i.e., redirection to servers controlled by law enforcement authorities or an IT security company.
Sinkholing prevents infected computers from communicating with criminal command-and-control computer systems. The IP addresses of the infected computers that connect to the sinkhole can subsequently be used for victim notification and follow-up.
According to Microsoft, during 48 hours of sinkholing, approximately 2 million unique Andromeda victim IP addresses from 223 countries were captured. Authorities also searched for and arrested a suspect in Belarus.
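The victim-notification step described above starts from the sinkhole's connection log: every beacon from an infected host arrives at the law-enforcement server instead of the criminal C2, and the source addresses are deduplicated and grouped so that national CERTs or ISPs can be handed a list for follow-up. The following Python script is an added example, not code from the Andromeda operation, Europol, Microsoft or any participating organization. The log format, the sinkholed domain names (`.invalid` placeholders) and the small network-to-country table standing in for a GeoIP lookup are all constructed for the illustration.

```python
"""Aggregate sinkhole hits into a unique-victim list for notification.

Added example; not code from the Andromeda takedown or any participating
organization. Log format, domain names and the IP-to-country table are
constructed for illustration only.
"""
from collections import defaultdict
import ipaddress

# Constructed: domains assumed to have been redirected to the sinkhole.
SINKHOLED_DOMAINS = {"example-c2-1.invalid", "example-c2-2.invalid"}

# Constructed stand-in for a GeoIP database: network -> ISO country code.
COUNTRY_BY_NETWORK = {
    ipaddress.ip_network("203.0.113.0/24"): "DE",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("192.0.2.0/24"): "BY",
}

# Constructed sinkhole log: "<timestamp> <source ip> <queried domain>".
# Includes a repeated beacon, a host hitting two domains, a query for a
# domain the sinkhole does not serve, and a malformed source field.
SAMPLE_LOG = """\
2017-12-01T10:00:01Z 203.0.113.7 example-c2-1.invalid
2017-12-01T10:00:02Z 203.0.113.7 example-c2-1.invalid
2017-12-01T10:00:05Z 198.51.100.22 example-c2-2.invalid
2017-12-01T10:00:09Z 192.0.2.44 example-c2-1.invalid
2017-12-01T10:00:11Z 198.51.100.22 example-c2-1.invalid
2017-12-01T10:00:15Z 203.0.113.9 unrelated.invalid
2017-12-01T10:00:16Z not-an-ip example-c2-1.invalid
"""


def country_for(ip_str):
    """Map an address to a country code using the constructed table ('??' if unknown)."""
    ip = ipaddress.ip_address(ip_str)
    for net, cc in COUNTRY_BY_NETWORK.items():
        if ip in net:
            return cc
    return "??"


def parse_hits(text):
    """Yield (ip_string, domain) for well-formed lines that hit a sinkholed domain."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # truncated or otherwise malformed line
        _timestamp, src, domain = parts
        if domain not in SINKHOLED_DOMAINS:
            continue  # noise: query for a domain this sinkhole does not serve
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        yield str(ip), domain


def unique_victims(text):
    """Return {ip: set(domains)}; repeated beacons from one host collapse to one victim."""
    victims = defaultdict(set)
    for ip, domain in parse_hits(text):
        victims[ip].add(domain)
    return dict(victims)


def victims_by_country(text):
    """Return {country: sorted victim IPs}, the shape handed to a national CERT or ISP."""
    grouped = defaultdict(list)
    for ip in unique_victims(text):
        grouped[country_for(ip)].append(ip)
    return {cc: sorted(ips) for cc, ips in grouped.items()}


if __name__ == "__main__":
    for cc, ips in sorted(victims_by_country(SAMPLE_LOG).items()):
        print(cc, len(ips), ips)
```

Counting unique source addresses rather than raw hits is what turns a sinkhole log into the "unique victim IP addresses" figure quoted above; the domain filter matters because a shared sinkhole receives traffic for many unrelated domains, and a malformed or spoofed source field should be dropped rather than crash the batch job.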
Simultaneously, the Avalanche sinkhole was extended for another year, a measure made necessary by the fact that 55 percent of the computer systems used by that network remain infected today.
Organizations participating in the Andromeda investigation included the Europol European Cybercrime Center, the FBI, the Luneburg Central Criminal Investigation Inspectorate in Germany, the Joint Cybercrime Action Task Force, Eurojust and private-sector partners.