A botnet named Andromeda has resurfaced and is trying to shove backdoors into machines across the world, a security firm has warned.
The threat itself arrives via spammed messages with malicious attachments, or links to compromised websites hosting Blackhole Exploit Kit. Variants of the Andromeda malware can be bought on the Internet underground for as much as $500.
Australia, Turkey, and Germany are the top targeted countries, according to Trend Micro.
Thanks to the modular aspect of the Andromeda botnet, scanning technologies may struggle to pick up the threat. The malware even drops in a modular fashion, rather than in one lump file, making detection a little trickier.
“The perpetrators behind Andromeda have improved the malware’s propagation routines to proliferate itself by dropping several component files, one of which creates the registry key containing an encrypted .DLL file for its propagation,” Trend noted in a blog post.
“To some degree, these threats can be evaded by not opening links or attachments in suspicious emails, although with well-crafted emails this can be difficult.”
Andromeda was first spotted in late 2011, but was quiet throughout 2012. It’s likely the creators were improving their malicious software before relaunching in earnest.
Are you a security expert? Try our quiz!
AI push sees Alphabet's Google saying it will consolidate its AI teams in its Research…
Beijing orders Apple to pull Meta's WhatsApp and Threads from its Chinese App Store over…
Key milestone sees Intel Foundry assemble ASML's new “High NA EUV” lithography tool, to begin…
Oracle's huge AI, Cloud investment in Japan will meet growing local demand and address digital…
People who create sexually explicit ‘deepfakes’ of adults will face prosecution under a new law…
Protest at cloud contract with Israel results in staff firings, in addition to layoffs of…