Investigators from Lower Saxony, together with the federal police FBI, have shut down a global botnet. It spread the “Andromeda” malicious software, which spied on computers worldwide, according to a statement from the Lüneburg police and the prosecutor’s office in Verden. The EU police authority Europol and investigators from 25 other countries were also involved.
The investigators recorded a suspect in Belarus, confiscated seven servers and turned them off. Through these servers, the malware was spread worldwide. “Using this malware, the perpetrators managed to infect several million PC systems in recent years,” the statement says. Users in North America, Asia and Europe were particularly affected.
A bot is a program that an attacker can install on a computer without the user being able to notice it. The attacker can then access the system remotely. When many bots are joined together, they form a botnet.
Software spread through emails and banner ads
The malicious software Andromeda spies on computers and can infect the system with a banking Trojan that is tailored to the user’s computer. It spread either via emails containing a defective link or via so-called drive-by exploits. These are found, for example, on manipulated advertising banners and on websites with “dubious content”, such as pornography, illegal sales or video streaming offers, the statement says.
The investigators were able to take control of 1,500 such Internet addresses. As a result, at the end of November, they were able to identify 1,350,000 IT systems that had been infected with the Andromeda malware, the statement said. The affected PC owners are now being notified.
The FBI has been conducting investigations since 2015 together with the US group Microsoft. When investigators from Lower Saxony uncovered Avalanche, the world’s largest infrastructure for the operation of botnets, last year, the US authorities asked for help. At that time, after four years of investigation, 39 servers had been shut down, which had accessed computers in 180 states. Avalanche had infected hundreds of thousands of computer systems with malware. Europol estimated the damage at that time at several hundred million euros; 16 suspects had been arrested. Both Avalanche and the network that has now been shut down spread the same malware, Andromeda.