Beebone Botnet

The Beebone botnet was recently taken down by US and European officials. It was extremely difficult to take down because it had polymorphic downloader software at its heart. This malicious software was capable of updating itself as many as nineteen times a day. It also used a pair of programs that re-downloaded each other, so that even if one was deleted, the other one remained and could download it again.

The takedown involved the US government, the European Cybercrime Center, and a number of private security firms. It is estimated that the Beebone botnet infected about 12 thousand computers (which is relatively small compared to other botnets), most of them in the United States.

It was taken down by “sinkholing,” which means that all IP addresses and domain names that were used to control the affected machines were seized. The officials involved also set up their own command channel, which ensured that none of these computers participated in other botnet activities or downloaded updates for Beebone.
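Once the control names and addresses are in investigators' hands, a machine that still tries to reach them shows up in local DNS resolver logs as a lookup answered with a sinkhole address. The following is an added example, not part of the original post, that flags such clients; the log format, the sinkhole range (RFC 5737 documentation space) and the domain names are all constructed assumptions, not real Beebone indicators.

```python
import ipaddress
from collections import defaultdict

# Constructed sinkhole range (RFC 5737 documentation space), not real Beebone data.
SINKHOLE_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed resolver log, assumed format: timestamp client qname rtype answer
SAMPLE_LOG = """\
2015-04-10T08:01:02Z 10.0.5.21 c2-one.example. A 192.0.2.5
2015-04-10T08:01:09Z 10.0.5.44 www.example.org. A 203.0.113.80
2015-04-10T08:16:02Z 10.0.5.21 c2-two.example. A 192.0.2.9
2015-04-10T08:20:40Z 10.0.7.3 c2-one.example. A 192.0.2.5
2015-04-10T08:21:00Z 10.0.7.3 mail.example.org. MX mx.example.org.
truncated line
2015-04-10T08:31:02Z 10.0.5.21 c2-one.example. A 192.0.2.5
"""

def is_sinkholed(answer):
    """True if the answer is an IP address inside a known sinkhole range."""
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return False  # host names (MX/CNAME targets) and garbage are not addresses
    return any(addr in net for net in SINKHOLE_NETS)

def find_infected_clients(log_text):
    """Map client IP -> domains, hit count, first and last sinkhole-bound lookup."""
    hits = defaultdict(lambda: {"domains": set(), "hits": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated records
        ts, client, qname, rtype, answer = fields
        if rtype != "A" or not is_sinkholed(answer):
            continue
        rec = hits[client]
        rec["domains"].add(qname.rstrip(".").lower())
        rec["hits"] += 1
        # ISO 8601 UTC timestamps compare correctly as strings
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for client, rec in sorted(find_infected_clients(SAMPLE_LOG).items()):
        print(client, rec["hits"], sorted(rec["domains"]), rec["first"], rec["last"])
```

A client that keeps reappearing in this output after cleanup is a sign that the second of the two re-downloading programs is still present.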

The best way to fix your computer if you were infected is to completely wipe the hard drive and reinstall the operating system.


Sam Shiffman