Beebone Botnet Busted In an International Operation

Threatpost.com reported on 9th April, 2015 stating that a comparatively small and troublesome botnet, known as Beebone, has been pulled down in a united operation by U.S. and European law enforcement agencies and many private security companies.

FBI (Federal Bureau of Investigation), Department of Homeland Security (DHS), Europol and Dutch authorities made a note of Beebone which was dubbed as 'Operation Source.'

Beebone or AAEH was a polymorphic downloader that was employed to contaminate 12,000 computers. It distributed ransomware, banking malware and other spyware throughout the world.

DHS advised that Beebone bots could swell across networks or taint machines through detachable drives or as ZIP or else RAR attachments. The malware could change its structure with every infection and morph every 120 minutes in some cases. DHS added that the malware has been used to spread ZeroAccess, Zeus, Cutwail and CryptoLocker Trojans.

Interestingly, Beebone goes to large extent to avoid detection by antivirus solutions and IPS tools. It achieves this by blocking connections to IP address blocks connected with networks of security companies or by disabling antivirus and other security tools on tainted machines.

Authorities carried out the operation by sinkholing the botnet (Beebone) which involved redirecting domains used by command-and-control server of the botnet to a server run by security firms.

Such action makes attackers from losing their control of the botnet and also enables authorities to identify victims whose systems are now getting connected to the sinkhole server.

Europol said that information about the botnet will be disclosed to ISPs and CERTs (computer emergency response team) all over the world so that they can inform victims and assist them to clean their PCs.

Securityweek.com published news on 9th April, 2015 quoting Wil van Gemert, Deputy Director of Operations of Europol, as saying "This victorious operation proves that how important is the joint working of global law enforcement and private firms to battle the global menace of cybercrime. We will continue to shut down botnets and disturb the main infrastructures employed by cyber crooks to launch different crimes. Our objective is to protect people from these illegal activities in collaboration with EU Member States and partners all over the world."

» SPAMfighter News - 4/16/2015