UK firms have been urged to purge their computers of Beebone distributed malware after the botnet was downed by an international operation.
The botnet – also known as AAEH – was taken down in an operation by Europol’s European Cyber Crime Centre (EC3) the Joint Cybercrime Action Taskforce (J-CAT), Dutch police and the FBI.
The operation involved US-based representatives of the International Cyber Crime Coordination Cell (IC4) and private sector partners.
The botnet was "sinkholed" by registering, suspending or seizing all domain names with which the malware could communicate, and redirecting all traffic.
Data was distributed to internet service providers (ISPs) and computer emergency response teams (CERTs) around the world to inform victims.
The operation is believed to have halted the botnet before it could infect millions of computers – however the malware is described as very sophisticated.
Beebone is polymorphic, which means it can change its identity by downloading different versions of itself to avoid traditional signature-based antimalware detection methods.
Read more about polymorphic malware
- Polymorphic malware remains a favorite tool for attackers trying to avoid detection by signature-based antivirus software.
- Polymorphic viruses are built to dodge signature-based detection technologies.
- A faster spreading polymorphic version of the Zeus online banking password-stealing Trojan is targeting computers in the US and UK.
Global reach highlights need for collaboration
According to security researchers, there are over 5 million unique W32/Worm-AAEH samples, with more than 205,000 samples from 23,000 systems in 2013-2014.
These systems are spread across more than 195 countries, demonstrating the threat’s global reach. The US reported the greatest number of infections followed by Japan, India and Taiwan.
Europol’s deputy director of operations, Wil van Gemert, said the operation showed the importance of international law enforcement working together with private industry to fight the global threat of cyber crime.
“We will continue our efforts to take down botnets and disrupt the core infrastructures used by cyber criminals to carry out a variety of crimes,” he said.
“Together with the EU member states and partners around the globe, our aim is to protect people worldwide against these criminal activities."
Software measures to disinfect computers
F-Secure, Intel Security, Symantec and TrendMicro have released remedies to clean and restore infected computers' defences.
For those who fear their computer may have been infected, EC3 recommends downloading specialist disinfection software.
UK government-backed Get Safe Online is urging small businesses and consumers to take advantage of the Beebone botnet takedown to ensure their computers are infection-free.
“We urge you to protect yourself by making sure internet security software is installed and updated, by running scans and checking that your computer operating systems and software programs are up to date,” the Get Safe Online website said.
Head of operations at EC3, Paul Gillen, told the BBC the agency will now focus on identifying those behind the attacks and bringing them to justice.
“We can't sinkhole these domains forever. We need those infected to clean up their computers as soon as possible,” he said.