A joint operation between the Europol European Cybercrime Centre (EC3), the Joint Cybercrime Action Taskforce (J-CAT) and authorities in the USA and the Netherlands has targeted and sinkholed the Beebone botnet.
Beebone is a polymorphic downloader bot that installs various forms of malware on victims’ computers. It may have infected tens of thousands of computers, and the malware is sophisticated enough to spread more than five million unique variants across more than 195 countries.
The joint action was led by the Dutch National High Tech Crime Unit and supported by the FBI, US-based representatives at the National Cyber Investigative Joint Task Force - International Cyber Crime Coordination Cell (IC4) and representatives from Intel Security, Kaspersky and Shadowserver. The botnet was ‘sinkholed’ by registering, suspending or seizing all domain names with which the malware could communicate, and traffic was then redirected.
Europol’s Deputy Director of Operations, Wil van Gemert, says: “This successful operation shows the importance of international law enforcement working together with private industry to fight the global threat of cyber crime.
“We will continue our efforts to take down botnets and disrupt the core infrastructures used by cybercriminals to carry out a variety of crimes. Together with the EU Member States and partners around the globe, our aim is to protect people worldwide against these criminal activities.”
Beebone is a Trojan which silently downloads and installs other programs and is distributed via web-based tactics or by email containing infected attachments or links to malicious websites. It is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.
Raj Samani, EMEA CTO of Intel Security, said that the company is aware of more than five million unique AAEH samples, with more than 100,000 machines from 200 countries identified. “This kind of takedown could not have happened without the cooperation between police organisations and private companies like Intel Security.”