In a successful joint operation involving the European Cybercrime Centre (EC3), the Joint Cybercrime Action Taskforce (J-CAT), the Dutch High Tech Crime Unit, the FBI and other private partners, a dangerous botnet called Beebone (also known as AAEH) was hunted down.
The operation is significant because Beebone is a polymorphic downloader bot that reproduces itself and installs various forms of malware on victims’ computers. So far 30000 machines have been found to be infected with this deadly virus, and the number is expected to rise very soon.
Beebone Botnet
What makes Beebone really unique is its ability to reproduce consistently and escape detection by most antivirus programs. The polymorphic downloader bot could update itself as many as 19 times a day. Beebone is also built as a pair of programs that re-download each other, so that each acts as a backup should the other be removed.
As per Europol, there are currently over 5 million unique W32/Worm-AAEH samples of the downloader bot, with more than 205 000 samples from 23 000 systems detected in 2013-2014. These systems are spread across more than 195 countries, demonstrating the threat’s global reach. The United States has reported the greatest number of infections followed by Japan, India and Taiwan.
The bot’s takedown was done by sinkholing the Beebone command-and-control network. The process involved registering, suspending or seizing all domain names with which the malware could communicate, after which the traffic was redirected. Information about the bot will be shared with Internet Service Providers and Computer Emergency Response Teams around the world so that victims can be informed.
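The sinkhole step described above produces resolver logs in which infected machines show up as clients querying the seized domains. The following is an added example (not code from the article or from the operation's partners) of the triage a sinkhole operator does on such logs before handing victim lists to ISPs and CERTs: it keeps only queries for sinkholed names, builds one record per client IP, and buckets the IPs by responsible ISP. The domain names, log lines and prefix-to-ISP table are all constructed placeholders, since the article names none.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Placeholder names standing in for seized C2 domains (the real ones are not given in the article).
SINKHOLED_DOMAINS = {"c2-placeholder-1.invalid", "c2-placeholder-2.invalid"}

# Constructed sample of sinkhole resolver log lines: "<timestamp> <client ip> <queried name>".
SAMPLE_LOG = """\
2015-04-09T10:00:01Z 198.51.100.7 c2-placeholder-1.invalid
2015-04-09T10:00:05Z 198.51.100.7 c2-placeholder-2.invalid
2015-04-09T10:01:12Z 203.0.113.44 c2-placeholder-1.invalid
2015-04-09T10:02:30Z 198.51.100.9 www.example.org
2015-04-09T10:03:00Z 203.0.113.44 c2-placeholder-1.invalid
2015-04-09T10:04:00Z bad line here
"""

# Constructed prefix-to-ISP table; in practice this comes from WHOIS/ASN data.
PREFIX_TO_ISP = {"198.51.100.": "ISP-A (placeholder)", "203.0.113.": "ISP-B (placeholder)"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>(?:\d{1,3}\.){3}\d{1,3}) (?P<qname>\S+)$")

@dataclass
class Victim:
    first_seen: str
    last_seen: str
    hits: int = 0
    domains: set = field(default_factory=set)

def parse_sinkhole_log(text: str) -> dict[str, Victim]:
    """Aggregate queries for sinkholed domains into one record per client IP."""
    victims: dict[str, Victim] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the whole run
        qname = m["qname"].rstrip(".").lower()
        if qname not in SINKHOLED_DOMAINS:
            continue  # unrelated traffic reaching the same resolver is not evidence of infection
        v = victims.setdefault(m["src"], Victim(m["ts"], m["ts"]))
        v.last_seen = m["ts"]
        v.hits += 1
        v.domains.add(qname)
    return victims

def group_for_notification(victims: dict[str, Victim]) -> dict[str, list[str]]:
    """Bucket infected IPs by the ISP responsible for them, for outreach via ISPs and CERTs."""
    buckets: dict[str, list[str]] = defaultdict(list)
    for ip in sorted(victims):
        isp = next((name for prefix, name in PREFIX_TO_ISP.items() if ip.startswith(prefix)), "unknown")
        buckets[isp].append(ip)
    return dict(buckets)
```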
The bot’s successful takedown through a joint effort between the police and private companies shows the growing ability of stakeholders to eliminate criminal operations. The antivirus companies F-Secure, Intel Security, Symantec and TrendMicro have released a remedy to clean infected computers and restore their defenses.
For those who fear their computer may have been infected, EC3 recommends downloading specialist disinfection software.