A botnet named Andromeda has resurfaced and is trying to shove backdoors into machines across the world, a security firm has warned.
The threat itself arrives via spammed messages with malicious attachments, or links to compromised websites hosting Blackhole Exploit Kit. Variants of the Andromeda malware can be bought on the Internet underground for as much as $500.
Australia, Turkey, and Germany are the top targeted countries, according to Trend Micro.
Thanks to the modular aspect of the Andromeda botnet, scanning technologies may struggle to pick up the threat. The malware even drops in a modular fashion, rather than in one lump file, making detection a little trickier.
“The perpetrators behind Andromeda have improved the malware’s propagation routines to proliferate itself by dropping several component files, one of which creates the registry key containing an encrypted .DLL file for its propagation,” Trend noted in a blog post.
“To some degree, these threats can be evaded by not opening links or attachments in suspicious emails, although with well-crafted emails this can be difficult.”
Andromeda was first spotted in late 2011, but was quiet throughout 2012. It’s likely the creators were improving their malicious software before relaunching in earnest.
Are you a security expert? Try our quiz!
Seemingly accidental leak reveals Google is developing Jarvis AI extension that can browse the web…
Amazon is reportedly in talks to pump billions of dollars more into AI start-up Anthropic,…
Star witness for the US prosecution of FTX founder Sam Bankman-Fried, has begun her two…
After axing 31 percent of its workforce when it failed to be acquired by Amazon,…
Mozilla Foundation axes 30 percent of its staff, and is eliminating its Advocacy Division that…
Improving security. Mandatory multi-factor authentication (MFA) is coming to the Google Cloud by the end…