The Beebone Botnet

Overview

U.S. and European law enforcement agencies have shut down a highly sophisticated botnet that had infected more than 12,000 computers worldwide, allowing hackers to steal victims’ banking information and other sensitive data.

On 8 April, Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) joined forces with the Dutch authorities, the FBI and U.S.-based representatives at the National Cyber Investigative Joint Task Force-International Cyber Crime Coordination Cell (IC4), along with private sector partners, to target the Beebone (also known as AAEH) botnet, a polymorphic downloader bot that installs various forms of malware on victims’ computers. Initial figures show that over 12 000 computers have been infected; however, it is likely there are many more.

Description

A botnet is a network of a large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of the victims. Basically, a "botnet" is a hacker’s "robot" that does the malicious work directed by hackers.

Hackers and cyber criminals have brushed up their hacking skills and started using botnets as a cyber-weapon to carry out multiple crimes such as DDoS (distributed denial of service) attacks, mass spamming, advertising revenue manipulation, cyber espionage, bitcoin mining and surveillance.

The Beebone botnet is downloader software (a kind of botnet downloader) that installs other forms of malicious software, including ransomware and rootkits, onto victims' machines without their consent.

Impact

The size of the network it infected was not significant (over 12,000 computers), but the operators managed to maintain control of the infected machines over the years by making Beebone botnet polymorphic in nature, so that it can update itself in order to avoid antivirus detection.

However, it is believed that there are many more to come. According to Europol, there are currently more than 5 million unique samples of the Beebone botnet in the wild, with over 205,000 samples taken from a total of 23,000 computer systems between 2013 and 2014.

Beebone infections spread across more than 195 countries. Most of the infections are reported in the United States, followed by Japan, India, and Taiwan, said Europol's Deputy Director of Operations, Wil van Gemert.

The Beebone botnet updates itself as many as 19 times a day, which makes the malware a slightly different threat from existing botnets and helps it avoid detection.

Once infected, the machines were ordered to "distribute malicious software, harvest users' credentials for online services, including banking services, and extort money from users by encrypting key files and then demanding payment in order to return the data to a readable state," the US Computer Emergency Response Team (US-CERT) said.

Beebone also relied on a pair of programs that re-downloaded each other, acting as an insurance policy should one of them be removed, authorities told the Associated Press. "From a techie's perspective, they made it as difficult as they possibly could for us," a Europol adviser told the news organization.

Solution

F-Secure, Intel Security, Symantec and TrendMicro have released a remedy to clean and restore infected computers' defence. For those who fear their computer may have been infected, we recommend downloading specialist disinfection software.

For further information please visit www.getsafeonline.org, www.cyberstreetwise.com or https://www.us-cert.gov.

The above are examples only and do not constitute an exhaustive list.

References

Regarding the security of your computer please consider the following basic rules:

  1. Check your computer for infection.
  2. Install current Service Packs and Security Updates for your system. Activate automatic updates.
  3. Check your internet browser and the embedded plugins (e.g. Java, Flash, Shockwave, Quicktime) regularly to make sure they are up to date.
  4. Install a virus scanner and update it regularly.
  5. Use a firewall, e.g. the Windows built-in firewall or a router.

Copyright © 2014-2015 CERT-RO. All rights reserved.