Gamarue Botnet Disrupted In Global Operation

Police forces around the world have teamed up to disrupt many long-running botnets powered by a malware family dubbed Gamarue.

The malware also goes by the name of Andromeda or Wauchos, and ESET said it had been approached by Microsoft to help in the takedown.

Gamarue has been around for a very long time now. Indeed, Win32/Gamarue was the most commonly encountered threat in the second half of 2015. It is typically distributed via exploit kits and social engineering.

Global Operation

ESET said that the takedown was part of a “year-plus concerted effort that relied on technical intelligence from Microsoft and ESET researchers.”

“ESET, having been approached by Microsoft to join the disruption effort, provided a technical analysis for the operation that ultimately knocked Wauchos for the count,” it added.

“ESET researchers closely tracked the botnets, identified their C&C servers for takedown, and kept tabs on what those spreading the threat were installing on victims’ systems,” the firm said. “Microsoft then contacted law enforcement with information that included: 464 distinct botnets, 80 associated malware families, and 1,214 domains and IP addresses of the botnet’s C&C servers.”

According to ESET, Wauchos has been around since at least September 2011 and has come in five major versions over the years. It is sold on the Dark Web as a crime kit.

ESET cited Microsoft figures indicating that the infection was detected or blocked on an average of nearly 1.1 million machines every month over the past six months.

Indeed, ESET said it found dozens of C&C servers every month.

“Wauchos is mostly used to steal credentials, and to download and install additional malware onto a system,” said ESET researcher Jean-Ian Boutin. “Thus, if a system is compromised with Wauchos, it’s likely that there will be several other malware families lurking on the same system.”


Once a machine is infected with the botnet malware, it is typically infested with secondary malware such as Kasidet, which is also known as Neutrino bot. These compromised machines are then used to conduct distributed denial-of-service (DDoS) attacks.

Wauchos has a modular design, allowing it to be easily expanded by plug-ins such as a keylogger and a form grabber. These can steal a user’s personal data. A rootkit meanwhile can be used to hide the malware’s presence.

Botnet Takedowns

“Over the years, intelligence provided by ESET has been instrumental in dismantling a number of criminal operations, including the Dorkbot and Mumblehard botnets, and the Avalanche fast-flux network that was employed by many other botnets,” said ESET.

It is worth noting, however, that it is Microsoft that has over the years played a leading role in the takedown of various botnets around the world.

Indeed, Microsoft has long led the tech industry's fight against the scourge of botnets.

Starting with Waledac in March 2010, the company has partnered with other technology firms to gather data on a variety of botnets, built civil cases against the botnet operators, and then seized the domains and command-and-control servers of those operators.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
