Gamarue Botnet Disrupted In Global Operation

Police forces around the world have teamed up to disrupt many long-running botnets powered by a malware family dubbed Gamarue.

The malware also goes by the name of Andromeda or Wauchos, and ESET said it had been approached by Microsoft to help in the takedown.

Gamarue has been around for a very long time now. Indeed, Win32/Gamarue was the most commonly encountered threat in the second half of 2015. It is typically distributed via exploit kits and social engineering.

Global Operation

ESET said that the takedown was part of a “year-plus concerted effort that relied on technical intelligence from Microsoft and ESET researchers.”

“ESET, having been approached by Microsoft to join the disruption effort, provided a technical analysis for the operation that ultimately knocked Wauchos for the count,” it added.

“ESET researchers closely tracked the botnets, identified their C&C servers for takedown, and kept tabs on what those spreading the threat were installing on victims’ systems,” the firm said. “Microsoft then contacted law enforcement with information that included: 464 distinct botnets, 80 associated malware families, and 1,214 domains and IP addresses of the botnet’s C&C servers.”

According to ESET, Wauchos has been around since at least September 2011 and has gone through five major versions over the years. It is sold on the Dark Web as a crime kit.

ESET cited Microsoft figures as pointing out that the infestation was detected or blocked on an average of nearly 1.1 million machines every month over the past six months.

Indeed, ESET said it found dozens of C&C servers every month.

“Wauchos is mostly used to steal credentials, and to download and install additional malware onto a system,” said ESET researcher Jean-Ian Boutin. “Thus, if a system is compromised with Wauchos, it’s likely that there will be several other malware families lurking on the same system.”


Once a machine has been recruited into the botnet, it is typically infested with secondary malware such as Kasidet, which is also known as Neutrino bot. These compromised machines are then used to conduct distributed denial-of-service (DDoS) attacks.

Wauchos has a modular design, allowing it to be easily expanded by plug-ins such as a keylogger and a form grabber. These can steal a user’s personal data. A rootkit meanwhile can be used to hide the malware’s presence.

Botnet Takedowns

“Over the years, intelligence provided by ESET has been instrumental in dismantling a number of criminal operations, including the Dorkbot and Mumblehard botnets, and the Avalanche fast-flux network that was employed by many other botnets,” said ESET.

It is worth noting, however, that it is Microsoft that has played a leading role over the years in the takedown of various botnets around the world.

Indeed Microsoft has long led the tech industry fight against the scourge of botnets.

Starting with Waledac in March 2010, the company has partnered with other technology firms to gather data on a variety of botnets, built civil cases against the botnet operators, and then seized the domains and command-and-control servers of those operators.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
