International team takes down virus-spewing Andromeda botnet

Police and private companies have taken down a massive botnet used to move malware onto compromised PCs. The Andromeda botnet, also known as Gamarue, is thought to have spanned over two million PCs and distributed over 80 types of malware onto infected PCs. It was shut down on November 29 in a combined operation by Europol, …

  1. Andy The Hat Silver badge

    Grab your Pitchforks!

    Deride ESET - they work with the FBI! State collusion with an AV vendor! It's a short plank to bias, infiltration and other stuff!

    Reach for the placards - Down with that sort of thing!

    "But ESET were helping the world avoid nasty malware that spied on users, grabbed personal information and sent it back to an undefined c&c server ... so that's ok then ... isn't it Ted?"

    "Depends how far west the server is and if it turns out to be NSA state sponsored spyware Dougal ..."

  2. Tigra 07

    Only I doubt it's door to door...

    Sounds like they have an Avon-esque malware catalogue they offer, and allow you to build your own custom malware like a meal deal... What a world we live in...

    1. Peter2 Silver badge

      Re: Only I doubt it's door to door...

      Unless I'm too far mistaken, this is a known thing. It's more profitable for the people who can write malware to keep writing them full time and then sell them on than for developers to try to do operations stuff.

    2. bombastic bob Silver badge

      Re: Only I doubt it's door to door...

      "Sounds like they an Avon-esque malware catalogue they offer"

      it's what discriminating script-kiddies demand!

      /me runs off to make alternate use of plumbing due to the bile taste that's beginning to accumulate...

  3. Wolfclaw

    I bet the NSA are now going through the logs and content to see who they can spy on next or cloning the C&C server to run at one of their black datacentres !

  4. Cuddles

    Making the internet safe

    "The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us."

    Six years on from when it was first noticed, they've cleaned up a few computers and arrested one person. I'm not sure the message is quite as clear as they seem to think.

  5. Anonymous Coward

    And yet if you visit the US to discuss how you took down the malware...

    ...the idiot Feds will lock you up and blame you for starting it

    1. Anonymous Coward

      Re: And yet if you visit the US to discuss how you took down the malware...

      https://www.theregister.co.uk/2017/08/21/gchq_knew_marcus_hutchins_risked_arrest_fbi/

  6. Anonymous Coward

    Massive malware moves onto compromised PCs

    "Police and private companies have taken down a massive botnet used to move malware onto compromised PCs."

    What was the name of the compromised desktop operating system? How did the PCs get compromised in the first place? How does the malware move onto the PCs? Is there a synthetic version of the kinesin protein that is used to transport viruses along microtubules in the biological world?

    1. Muscleguy

      Re: Massive malware moves onto compromised PCs

      Kinesin does a hell of a lot more than transporting viruses. It is like a railway train except it runs on circular tracks and so multiple molecules in both directions can not crash into each other. A train can contain bad people in the same way.

      Yours, a biomedical researcher. I remember being taught about it by a lecturer who researched axonal transport back in the 1980s.

  7. Aodhhan

    NSA rants

    It amazes me how many people arrogantly assume they are so important that the NSA gives a rat's ass about them.

    Must be nice to be a snowflake, so you can criticize everything no matter what the outcome is. To live in your own little world... where everything is as you think it is.

    However, most people know doing these two things will ensure you never make it in this world... because you never develop the skills to think critically and see through the BS.

    1. bombastic bob Silver badge

      Re: NSA rants

      "Must be nice to be a snowflake"

      I don't think that word means what you think it means...

  8. Frozit

    Wouldn't the operators notice?

    So the botnet operator would have had signs that someone was taking an interest. As in, that the AVs were hitting its installs more and more frequently. Eventually this kind of operation will cause the operators to run before the takedown happens. But that will likely take a while.

    1. bombastic bob Silver badge

      Re: Wouldn't the operators notice?

      "Eventually this kind of operation will cause the operators to run before the takedown happens"

      when I consider the size of the typical "dumb crook file", and the sheer blatant stupidity of the average criminal, I doubt that this will become 'the norm'.

      most likely they're using the same login for the botnet as they do for their gamer ID (or one that's a lot like it), and ALSO using their moms' cable internet from their basement dwellings to connect to the command/control IRC server [with an identity that's ALSO similar to their gamer ID, and without using Tor, because IRC servers typically block Tor exit nodes]

      so, yeah. "dumb crook" file.

      http://www.dumbcrooks.com/
