
Microsoft, ESET & law enforcement disrupt Gamarue botnet

06 Dec 17

Microsoft, ESET, the FBI, Interpol, Europol and other security stakeholders have collectively dismantled a major botnet operation known as Gamarue.

After a coordinated takedown in November, law enforcement agencies were able to disrupt the botnets and make an arrest.

The Gamarue botnet has been plaguing computers since 2011, infecting more than 1.1 million systems per month, with especially heavy infection rates in many Asian countries. Gamarue is also known as Wauchos or Andromeda.

According to ESET, the Gamarue family was sold as a crime kit on the Dark Web. Its purpose was to steal credentials and to download and install additional malware.

“This malware family is a customizable bot, which allows the owner to create and use custom plugins. One such plugin allows the cybercriminal to steal content entered by users in web forms while another enables criminals to connect back and control compromised systems,” ESET explains further.

Microsoft’s figures include 1214 domains and IP addresses associated with the Command & Control centres; 464 distinct botnets; and 80 associated malware families.

Gamarue has also spawned independent botnets, with samples spread across social media, instant messaging, removable media, spam and exploit kits.

“There are multiple botnets, potentially all run by different people. The botnets we were tracking for this operation were mainly involved in criminal activities to make a profit, not espionage,” ESET explains.

Microsoft approached ESET and together they tracked Gamarue’s botnets for a year and a half. They identified Command & Control servers for takedown and monitored what exactly was being installed on victims’ systems.

“In the past, Wauchos has been the most detected malware family amongst ESET users, so when we were approached by Microsoft to take part in a joint disruption effort against it, to better protect our users and the general public at large, it was a no-brainer to agree,” comments ESET senior malware researcher Jean-Ian Boutin.

However, in an FAQ, ESET reveals that Gamarue is still prevalent because it is actively distributed and the people running the botnets are trying not to get caught.

Although ESET says it has ‘sinkholed’ all known domains, it is too soon to know if Gamarue’s activity will stop or keep going.
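Sinkholing redirects the C&C domains to researcher-controlled servers, but it does not clean the machines that are already infected: those hosts keep querying the old domains and keep receiving sinkhole addresses in reply. That is exactly what a defender can look for in DNS logs. The check below is an added example written for this article, not code from ESET or Microsoft; the domain list, the sinkhole address range (drawn from the RFC 5737 TEST-NET-3 block) and the four-field log format are all constructed placeholders, not real Gamarue indicators.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed indicators (hypothetical placeholders, NOT real Gamarue infrastructure):
# domains a takedown has redirected to a sinkhole, and the sinkhole's address range.
SINKHOLED_DOMAINS = {"c2-one.example", "update-node.example"}
SINKHOLE_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3, constructed

# Assumed log format (constructed): "<timestamp> <client_ip> <qname> <answer_ip|NXDOMAIN>"
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

Hit = namedtuple("Hit", "client qname reason")


def _parents(qname):
    """Yield qname and each parent domain: a.b.example -> a.b.example, b.example, example."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def classify(client, qname, answer):
    """Return the list of reasons a query is suspicious (empty list if none).

    Two independent signals: the queried name is a sinkholed domain (or a subdomain
    of one), or the resolved answer lands inside the sinkhole address range. The
    second catches domains that were sinkholed but are missing from the local list.
    """
    reasons = []
    if any(parent in SINKHOLED_DOMAINS for parent in _parents(qname)):
        reasons.append("sinkholed-domain")
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        addr = None  # NXDOMAIN or a non-address answer
    if addr is not None and any(addr in net for net in SINKHOLE_NETS):
        reasons.append("sinkhole-answer")
    return reasons


def find_infected(lines):
    """Return one Hit per (line, reason) for every log line that matches an indicator."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line.strip())
        if not match:
            continue  # skip malformed lines rather than crash on them
        _timestamp, client, qname, answer = match.groups()
        for reason in classify(client, qname, answer):
            hits.append(Hit(client, qname.rstrip(".").lower(), reason))
    return hits


def infected_clients(lines):
    """Distinct client addresses that should be pulled for remediation."""
    return sorted({hit.client for hit in find_infected(lines)})


# Constructed sample log: one clean lookup, three suspicious ones, one malformed line.
SAMPLE_LOG = [
    "2017-12-01T10:00:01Z 10.0.0.5 mail.corp.example. 198.51.100.10",
    "2017-12-01T10:00:02Z 10.0.0.7 c2-one.example. 203.0.113.5",
    "2017-12-01T10:00:03Z 10.0.0.9 cdn.update-node.example. NXDOMAIN",
    "2017-12-01T10:00:04Z 10.0.0.7 other.example. 203.0.113.77",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for hit in find_infected(SAMPLE_LOG):
        print(f"{hit.client} queried {hit.qname}: {hit.reason}")
    print("clients to remediate:", infected_clients(SAMPLE_LOG))
```

The NXDOMAIN line still counts: a host asking for a known C&C name is infected whether or not the name resolves today, which is why the domain match and the answer match are kept as separate reasons. Matching on parent domains handles the per-bot subdomains such kits often generate, and matching on the answer range catches names the local list has not caught up with yet.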

“This particular threat has been around for several years now and it is constantly reinventing itself – which can make it hard to monitor. But by using ESET Threat Intelligence and by working collaboratively with Microsoft researchers, we have been able to keep track of changes in the malware’s behaviour and consequently provide actionable data which has proven invaluable in these takedown efforts.”
