On Wednesday, European and American police seized a series of European-based servers behind a botnet responsible for spreading various forms of malware on computers in the United States. Cyberthieves in turn could use that malware to steal banking passwords and other illicitly valuable information from victims.
The European Cybercrime Center and the U.S. Federal Bureau of Investigation, working together, seized servers from locations across Europe, but have not yet made any arrests because they say it's too early to tell who exactly is responsible for the botnet, nicknamed Beebone.
A botnet, sometimes called a “zombie army,” is a network of private computers all infected with malware (usually without their owners' knowledge) and working toward some common goal for the malware writer — such as sending spammy emails. That malware is often called “zombie” software because it takes over your computer or device and turns it into a zombie, mindlessly obeying the malware-writers' commands.
The Beebone botnet was particularly difficult for investigators to track down because it used shape-shifting, or “polymorphic,” software that would update itself up to 19 times per day, in order to avoid detection by security programs.
Europol, the European Union's equivalent of the FBI, said that
The botnet was 'sinkholed' by registering, suspending or seizing all domain names with which the malware could communicate, and traffic was then redirected. Data will be distributed to the ISPs (Internet Service Providers) and CERTs (Computer Emergency Response Teams) around the world, in order to inform the victims. The botnet does not seem the most widespread; however, the malware is a very sophisticated one, allowing multiple forms of malware to compromise the security of the victims' computers.
In other words: by botnet standards, Beebone only infected a relatively small number of computers, but those computers were infected far worse than ordinary botnet zombies, with multiple forms of malware including password stealers [especially useful for thieves seeking to drain bank accounts], ransomware, rootkits and fake antivirus software.
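The sinkhole step Europol describes ends with a list of infected hosts that has to reach the right ISP or CERT. The following added example (not code from the article, Europol or the investigators) shows that triage in Python: it parses constructed sinkhole connection records, maps each victim IP to a hypothetical abuse contact by network prefix, and groups the hosts so each contact receives only its own victims, with unmatched addresses kept aside rather than dropped.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of sinkhole connection records (not real Beebone data):
# timestamp, source IP of the infected host, sinkholed domain it tried to reach.
SINKHOLE_LOG = """\
2015-04-08T10:01:05Z 203.0.113.17 c2-example-1.invalid
2015-04-08T10:01:09Z 203.0.113.17 c2-example-2.invalid
2015-04-08T10:02:31Z 198.51.100.42 c2-example-1.invalid
2015-04-08T10:03:00Z 192.0.2.200 c2-example-3.invalid
2015-04-08T10:03:44Z 198.51.100.7 c2-example-2.invalid
malformed line that should be skipped
"""

# Hypothetical prefix-to-contact table standing in for the ISP/CERT routing
# data a sinkhole operator would maintain (constructed names and addresses).
CONTACTS = {
    "203.0.113.0/24": "abuse@isp-a.example",
    "198.51.100.0/24": "cert@isp-b.example",
}

def parse_log(text):
    """Yield (source_ip, domain) for each well-formed record in the log."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records rather than abort the whole run
        try:
            ipaddress.ip_address(parts[1])  # reject junk that is not an address
        except ValueError:
            continue
        yield parts[1], parts[2]

def contact_for(ip, contacts=CONTACTS):
    """Return the contact whose prefix contains ip, or None if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for prefix, contact in contacts.items():
        if addr in ipaddress.ip_network(prefix):
            return contact
    return None

def build_notifications(text, contacts=CONTACTS):
    """Group infected hosts by responsible contact. Each host is listed once per
    contact, with the set of sinkholed domains it contacted as evidence."""
    by_contact = defaultdict(dict)
    for ip, domain in parse_log(text):
        contact = contact_for(ip, contacts) or "UNROUTED"
        by_contact[contact].setdefault(ip, set()).add(domain)
    return dict(by_contact)
```

Hosts under "UNROUTED" are the ones the operator still has to resolve by hand before anyone can be warned.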
Even though the Beebone servers have been seized, the individual zombie computers comprising the botnet still need to be disinfected with antivirus software (the real thing, not fake antivirus software which only serves to spread more malware).
Yet that alone might not be enough. As Ars Technica noted:
To be fully free of the Beebone menace, infected computers still must be disinfected using AV software or, better yet, by having their hard drives wiped and operating systems reinstalled. Authorities are in the process of contacting Internet service providers and computer emergency response teams around the world to help identify and contact individual victims.
Because authorities genuinely will be contacting people – at least some people – with Beebone warnings, scam artists will soon start using Beebone as a pretext for sending more malware-infected spam messages. As always, ignore and delete any unsolicited text message or email asking you to click on a link or download a file attachment.