The massive and long-running Andromeda botnet, also known as Gamarue, has been take down by a collaborative effort between international law enforcement agencies and other stakeholders, according to a Monday announcement by Europol.
The Federal Bureau of Investigations (FBI), in cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), Eurojust and private-sector partners dismantled the network, which has been associated with 80 malware families and has been detected or blocked on more than a million machines every month over the past six months, on Nov. 29, Europol says.
“This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale,” Steven Wilson, the Head of Europol’s European Cybercrime Centre said in a statement. “The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us.”
The Andromeda/Gamarue malware family was created in September 2011 to steal credentials from and distribute other malware to infected computers, ZDNet reports.
Another international investigation, into the Avalanche international criminal infrastructure which had been used to launch “mass global malware attacks” including Andromeda, concluded a year ago when German police dismantled the platform. Insights gained during that operation were shared with the FBI through Europol, and the supported the efforts against Andromeda.
The operation partners made “sinkholes” of 1,500 domains serving malicious software. Microsoft said unique IP addresses of approximately two million Andromeda victims in 223 countries were captured in a 48-hour period. Belgian police also arrested a suspect and carried out a search at the same time.
Countries involved in the efforts against Avalanche and Andromeda include Austria, Belgium, Finland, France, Italy, the Netherlands, Poland, Spain, the United Kingdom, Australia, Belarus, Canada, Montenegro, Singapore and Taiwan. Private and institutional partners in the project include Shadowserver Foundation, Microsoft, Registrar of Last Resort, Internet Corporation for Assigned Names and Numbers (ICANN) and associated domain registries, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), and the German Federal Office for Information Security (BSI).
Botnets continue to threaten internet security, with the “IoT_reaper” malware discovered in October to have infected more than 2 million devices in a month.