Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Av Gurus (thread author)
Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the Andromeda botnet.

The disruption is the culmination of a journey that started in December 2015, when the Microsoft Windows Defender research team and DCU activated a Coordinated Malware Eradication (CME) campaign for Gamarue. In partnership with internet security firm ESET, we performed in-depth research into the Gamarue malware and its infrastructure.

Our analysis of more than 44,000 malware samples uncovered Gamarue’s sprawling infrastructure. We provided detailed information about that infrastructure to law enforcement agencies around the world, including:

  • 1,214 domains and IP addresses of the botnet’s command and control servers
  • 464 distinct botnets
  • More than 80 associated malware families
The coordinated global operation resulted in the takedown of the botnet’s servers, disrupting one of the largest malware operations in the world. Since 2011, Gamarue has been distributing a plethora of other threats, including:

A global malware operation
For the past six years, Gamarue has been a very active malware operation that, until the takedown, showed no signs of slowing down. Windows Defender telemetry in the last six months shows Gamarue’s global prevalence.

Figure 1. Gamarue’s global prevalence from May to November 2017

While the threat is global, the list of top 10 countries with Gamarue encounters is dominated by Asian countries.

Figure 2. Top 10 countries with the most Gamarue encounters from May to November 2017

In the last six months, Gamarue was detected or blocked on approximately 1,095,457 machines every month on average.

Figure 3. Machines, IPs, and unique file encounters for Gamarue from May to November 2017; data does not include LNK detections

plat1098

It's just like the cops and Feds busting a huge drug smuggling ring in Queens after being under surveillance by them for a while. Very impressive. It's somewhat challenging for me to try to distinguish between the useful and beneficial telemetry (I have Automatic Sample Submission enabled) and the ad-related, privacy-invading junk which I've always deplored. When I had major problems with the Fall CU and Edge, I enabled Full Telemetry in Settings and that problem was mysteriously fixed within 24 hours without doing anything else.

Good story. :)

Deleted member 65228

Microsoft, Apple, Google all spend millions of dollars and employ full-time staff to secure their products.
They still make mistakes and can be breached. Kaspersky spends millions but was breached by Iraq spies (and also by a criminal operation a few years ago if I recall correctly), and both Microsoft and Sony have been severely attacked regarding Xbox Live/PlayStation Network multiple times in the past.

Even the government agencies have been hacked. I remember a case about a UK citizen who hasn't been extradited over a case where he hacked into the US government and would be probably charged with 99 years or something like that if he got sentenced over in the US, even though he didn't do any harm.

Money is no object. Companies with lots of money can appear better than those that do not but realistically no matter how much money you have, you'll always be vulnerable one way or another, and no matter who your employees are, there'll always be someone better out there.

Windows Defender Shill

Deleted member 65228 said:

They still make mistakes and can be breached. Kaspersky spends millions but was breached by Iraq spies (and also by a criminal operation a few years ago if I recall correctly), and both Microsoft and Sony have been severely attacked regarding Xbox Live/PlayStation Network multiple times in the past.

Even the government agencies have been hacked. I remember a case about a UK citizen who hasn't been extradited over a case where he hacked into the US government and would be probably charged with 99 years or something like that if he got sentenced over in the US, even though he didn't do any harm.

Money is no object. Companies with lots of money can appear better than those that do not but realistically no matter how much money you have, you'll always be vulnerable one way or another, and no matter who your employees are, there'll always be someone better out there.
Well, that's kind of my point.

The companies who know what they are doing in regards to TECH, spend millions of dollars securing their product and still fall short of the goal.

Therefore there is no reason to TRUST a lesser tech company/product with this responsibility.