International team takes down virus-spewing Andromeda botnet

Police and private companies have taken down a massive botnet used to move malware onto compromised PCs. The Andromeda botnet, also known as Gamarue, is thought to have spanned over two million PCs and distributed over 80 types of malware onto infected PCs. It was shut down on November 29 in a combined operation by Europol, …

Silver badge

Grab your Pitchforks!

Deride ESET - they work with the FBI! State collusion with an AV vendor! It's a short plank to bias, infiltration and other stuff!

Reach for the placards - Down with that sort of thing!

"But ESET were helping the world avoid nasty malware that spied on users, grabbed personal information and sent it back to an undefined c&c server ... so that's ok then ... isn't it Ted?"

"Depends how far west the server is and if it turns out to be NSA state sponsored spyware Dougal ..."

5
5
Silver badge
Coat

Only I doubt it's door to door...

Sounds like they have an Avon-esque malware catalogue they offer and allow you to build your own custom malware like a meal deal... What a world we live in...

0
0
Silver badge

Re: Only I doubt it's door to door...

Unless I'm too far mistaken this is a known thing. It's more profitable for the people who can write malware to keep writing them full time and then sell them on than developers trying to do operations stuff.

3
0
Silver badge
Coat

Re: Only I doubt it's door to door...

"Sounds like they have an Avon-esque malware catalogue they offer"

it's what discriminating script-kiddies demand!

/me runs off to make alternate use of plumbing due to the bile taste that's beginning to accumulate...

1
1
Bronze badge

I bet the NSA are now going through the logs and content to see who they can spy on next or cloning the C&C server to run at one of their black datacentres!

1
0
Silver badge

Making the internet safe

"The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us."

Six years on from when it was first noticed, they've cleaned up a few computers and arrested one person. I'm not sure the message is quite as clear as they seem to think.

8
0
Anonymous Coward

And yet if you visit the US to discuss how you took down the malware...

...the idiot Feds will lock you up and blame you for starting it

9
0
Anonymous Coward

Re: And yet if you visit the US to discuss how you took down the malware...

https://www.theregister.co.uk/2017/08/21/gchq_knew_marcus_hutchins_risked_arrest_fbi/

0
0
Silver badge
Terminator

Massive malware moves onto compromised PCs

"Police and private companies have taken down a massive botnet used to move malware onto compromised PCs."

What was the name of the compromised Desktop Operating System? How did the PCs get compromised in the first place? How does the malware move onto the PCs? Is there a synthetic version of the kinesin protein that is used to transport viruses across microtubules in the biological world?

4
0
Silver badge

Re: Massive malware moves onto compromised PCs

Kinesin does a hell of a lot more than transporting viruses. It is like a railway train except it runs on circular tracks and so multiple molecules in both directions can not crash into each other. A train can contain bad people in the same way.

Yours, a biomedical researcher. I remember being taught about it by a lecturer who researched axonal transport back in the 1980s.

0
0
Bronze badge

NSA rants

It amazes me how many people arrogantly assume they are so important the NSA gives a rat's ass about them.

Must be nice to be a snowflake, so you can criticize everything no matter what the outcome is. To live in your own little world... where everything is as you think it is.

However, most people know doing these two things will ensure you never make it in this world... because you never develop the skills to think critically and see through the BS.

0
9
Silver badge
WTF?

Re: NSA rants

"Must be nice to be a snowflake"

I don't think that word means what you think it means...

2
1

Wouldn't the operators notice?

So the botnet operator would have had signs that someone was taking an interest. As in, that the AVs were hitting its installs more and more frequently. Eventually this kind of operation will cause the operators to run before the takedown happens. But that will likely take a while.

2
0
Silver badge
Devil

Re: Wouldn't the operators notice?

"Eventually this kind of operation will cause the operators to run before the takedown happens"

when I consider the size of the typical "dumb crook file", and the sheer blatant stupidity of the average criminal, I doubt that this will become 'the norm'.

most likely they're using the same login for the botnet as they do for their gamer ID (or one that's a lot like it), and ALSO using their moms' cable internet from their basement dwellings to connect to the command/control IRC server [with an identity that's ALSO similar to their gamer ID, and without using Tor, because IRC servers typically block Tor exit nodes]

so, yeah. "dumb crook" file.

http://www.dumbcrooks.com/

0
1
