Beebone Botnet Taken Down

As of last week, the Beebone botnet was taken down by the joint effort of international agencies and security researchers. The agencies include Europol and the FBI and the security research group include Intel Security and Kaspersky Lab. The botnet was taken down by taking away the domain names that the botnet uses to communicate and redirect traffic.

According to Symantec, Beebone, also known as Changeup, is a polymorphic worm that first surfaced in 2009. It initially infected computers by using the autorun feature on removable drives, but would later exploit the Microsorft Windows Shortcut “LNK” Files Automatic File Execution Vulnerability. Its final form would use file sharing applications to infect more computers. Beebone’s main use is a delivery system for other threats such as Trojan.Sasfis, Backdoor.Tidserv  and Downloader. These threats which would open a back door into infected computers as well as download misleading applications. It was also known to constantly update itself with newer versions to try and stay ahead of anti-virus software.

Although there were not any arrests made, this is still a hard hit to the infrastructure of cyber crime. This also demonstrates that  government and the private section can work together to take down cyber criminals.

Source:

http://www.symantec.com/connect/blogs/coordinated-takedown-disrupts-changeup-malware-distribution-network

http://www.securityweek.com/authorities-takedown-beebone-botnet-international-operation

-Zhi-Han Ling

Advertisements