International Effort takes down Ever-Changing Beebone Botnet

By ISBuzz Team
Writer, Information Security Buzz | Apr 14, 2015 05:05 pm PST

Intel Security has announced its involvement in an international police operation – Operation Source – to take down a criminal infrastructure supporting a ‘polymorphic’ botnet called Beebone.

Intel Security first identified the threat in March 2014 and in September 2014 collected enough data about the threat to approach international crime agencies for their support and involvement. Intel Security then worked with Europol’s European Cybercrime Centre (EC3), the Dutch authorities, the U.S. FBI, and other private sector partners in a collaborative effort to successfully take down the cyber threat.

The Beebone botnet, which facilitates the downloading of other types of malware onto victims’ machines – including banking password stealers, rootkits, fake antivirus, and ransomware – was responsible for malware infections of thousands of systems worldwide, across 195 countries. The malware includes wormlike functionality to spread quickly to new machines by propagating across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files. At one of its peaks in 2014, more than 100,000 infections of the Beebone botnet were detected by the McAfee Labs team. As this figure included only telemetry from Intel Security, we suspect the true number was likely to be much higher.

“Intel Security, along with a global law enforcement collaboration including the Dutch High Tech Crime Unit, Europol, and FBI, this week has successfully dismantled the polymorphic worm known as W32/Worm-AAEH/Beebone,” said Raj Samani, EMEA CTO. “Intel Security is aware of more than 5 million unique AAEH samples with more than 100,000 machines from 200 countries identified. This kind of takedown could not have happened without the cooperation between police organisations and private companies like Intel Security.”

Intel Security worked closely with crime authorities and other security providers to develop tools which led to the successful eradication of the botnet threat, which included the takedown of 100 domains.

“This operation is further evidence that only a combined response is capable of slowing down the ever-growing menace of cybercrime. Only with both public and private agencies working together to battle the ever-evolving cyber-threat do we have a chance of bringing them down and making the online world a safer place for all,” concluded Samani.

Intel Security has worked closely with Europol, the FBI and the Dutch High Tech Crime Unit to develop tools to take down this global threat, which facilitates the downloading of other types of malware onto victims’ machines, including banking password stealers, rootkits, fake antivirus, and ransomware.

About Raj Samani

Bio: Raj is currently working as the VP, Chief Technical Officer for McAfee EMEA, having previously worked as the Chief Information Security Officer for a large public sector organisation in the UK. He volunteers as the Cloud Security Alliance Chief Innovation Officer, and Special Advisor for the European CyberCrime Centre, and is on the advisory councils for Infosecurity Europe, and Infosecurity Magazine. In addition, Raj was previously the VP for Communications in the ISSA UK Chapter, having presided over the award for Chapter communications programme of the year 2008, and 2009, and was inducted into the Infosecurity Europe Hall of Fame 2012.
