Police operation disrupts Beebone botnet used for malware distribution

The U.S. has the largest number of computers infected with Beebone

Europol, in collaboration with Dutch authorities, the U.S. FBI and private security companies, have seized the domain names used to control a botnet called Beebone.

The police action Wednesday included a so-called botnet sinkholing operation that involved redirecting domains used by the botnet's command-and-control servers to a server controlled by security companies.

Such an action prevents attackers from controlling the botnet and also gives authorities a chance to identify victims whose computers are now connecting to the sinkhole server.

Information about the botnet will be distributed to ISPs and CERTs [computer emergency response teams] from around the world so they can notify victims and help them clean their systems, Europol said Thursday in a press release.

Compared to some other botnets, Beebone was not large. Initial figures suggest that it's made up of about 12,000 computers, but the final count may be higher.

Since the beginning of the year, Symantec has detected about 30,000 attempted infections by Beebone a month. The U.S., South Africa, Brazil, Mexico and India have the most infected computers.

The Beebone malware, also known as Changeup, is a polymorphic worm that has been around since 2009. It's particularly dangerous because it's used as a malware distribution platform.

Over the years Beebone has been used to distribute more than a dozen computer backdoors, worms, Trojans and other malicious programs, according to an entry in Microsoft's malware database.

Beebone gets installed on systems through drive-by downloads -- Web-based attacks that exploit vulnerabilities in browsers -- but it's also distributed by the Vobfus worm. Beebone itself also installs Vobfus, creating a malware infection loop.

"We will continue our efforts to take down botnets and disrupt the core infrastructures used by cybercriminals to carry out a variety of crimes," said Europol's deputy director of operations, Wil van Gemert. "Together with the EU member states and partners around the globe, our aim is to protect people worldwide against these criminal activities."

Symantec offers a free tool that can detect and clean Beebone/Changeup infections.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftmalwaresymantecFederal Bureau of InvestigationEuropolWil van Gemert

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Lucian Constantin

Lucian Constantin

IDG News Service
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Ada Chan

Dynabook Portégé X30L-G

I highly recommend the Dynabook Portégé® X30L-G notebook for everyday business use, it is a benchmark setting notebook of its generation in the lightweight category.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?