ESET and Microsoft against the Gamarue botnet business


ESET researchers, in collaboration with Microsoft, have disrupted a major botnet operation known as “Gamarue”, which has been infecting computers since 2011.

The operation against Gamarue (detected by ESET as Win32/TrojanDownloader.Wauchos) also involved law enforcement agencies, in particular the FBI, Interpol, Europol and others.

The coordinated disruption began on 29 November 2017, and thanks to this joint effort, law enforcement agencies around the world were able to make arrests and block the activity of a malware family responsible for infecting more than 1.1 million systems per month.

ESET and Microsoft researchers exchanged technical analyses, statistical information and the domains most commonly used by the C&C servers in order to help stop the group's malicious activity. ESET also shared the knowledge of “Gamarue” it had gathered through its ongoing monitoring of the malware and its impact on users over recent years.

What is “Gamarue”?

The Gamarue family was created by cybercriminals in September 2011 and was sold as a “crime kit” on an underground dark web forum. Its purpose is to steal credentials and to download and install additional malware on users' systems.

This malware family is a customizable bot: its owner can create and use custom plugins. One such plugin allows cybercriminals to steal the content that users enter into web forms, while another gives them a remote connection to, and control of, the compromised systems.

Its popularity has led to a number of independent Gamarue botnets operating in the wild. ESET has found that Gamarue samples have spread around the world through social media, instant messaging, removable media, spam and exploit kits.

How did ESET and Microsoft researchers collect information?

Using ESET Threat Intelligence, ESET researchers built a bot capable of communicating with the threat's C&C servers. This allowed ESET and Microsoft to closely monitor Gamarue botnets over the past 1.5 years, to locate the C&C servers so they could be taken down, and to track what was being installed on victims' systems. Over that time, the two companies compiled a list of all the domains the cybercriminals use as C&C servers.

What should users do if they suspect that their systems have been breached?

Cybercriminals have traditionally used “Gamarue” against home users to steal website credentials through a plugin with form-grabbing capabilities. However, ESET researchers have recently observed the malware being used to install various spam bots on compromised systems under a so-called “pay-per-install” scheme.

ESET advises users who fear their Windows system may have been compromised to download and run the ESET Online Scanner, which will remove any threats on the system, including “Gamarue”. To learn about more advanced ways to protect your devices from botnets, visit the dedicated ESET website.


Source: www.pestaola.gr
