Polymorphism makes the threat difficult to detect

Apr 9, 2015 13:13 GMT

The Beebone network of infected computers has been torn down in an operation that involved law enforcement organizations from Europe and the US, as well as private security companies.

Although the botnet was not large, its operators maintained control over the years by making the malware polymorphic, a tactic that generates slightly different versions of the threat so that signature-based antivirus detection fails to match them.

C&C domains are no longer controlled by the cybercriminals

The daily routine of the Beebone malware, apart from downloading and executing other threats delivered by its operators, included updating itself multiple times, sometimes more than 10 times a day.

Also known as AAEH, Beebone has been seen installing infostealers, backdoors, other malware droppers and banking Trojans on compromised computers.

The takedown operation consisted of sinkholing all the command and control (C&C) servers that Beebone used to receive instructions from the cybercriminals. This required registering, suspending or seizing the C&C domain names so that no machine in the botnet could receive new commands.
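Once the C&C domains point at a defender-controlled sinkhole, the callbacks from infected machines are what produce the infection counts and per-country breakdowns reported later in this article. The following is an added illustration, not code from the operation or from any of the companies involved; the log format, the sample hashes and the IP addresses are constructed for the example.

```python
"""Aggregate constructed sinkhole callback logs into infection statistics."""
import re
from collections import Counter, defaultdict

# Constructed log lines in a hypothetical format:
#   timestamp  source-IP  country-code  queried-C&C-domain  sample-id
# The sample-id stands in for whatever identifies the variant that called
# home (the polymorphic engine makes each victim's binary hash differ).
SINKHOLE_LOG = """\
2015-04-09T10:00:01Z 198.51.100.7 US cc-example-1.invalid 5d41402abc4b2a76
2015-04-09T10:00:05Z 198.51.100.7 US cc-example-2.invalid 5d41402abc4b2a76
2015-04-09T10:01:09Z 203.0.113.4 JP cc-example-1.invalid 7d793037a0760186
2015-04-09T10:02:30Z 192.0.2.88 IN cc-example-1.invalid 9e107d9d372bb682
2015-04-09T10:03:00Z 198.51.100.9 US cc-example-2.invalid 1f3870be274f6c49
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z]{2}) (\S+) ([0-9a-f]+)$")


def parse_sinkhole_log(text):
    """Parse log text into dicts; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, cc, domain, sample = m.groups()
        records.append({"ts": ts, "src": src, "cc": cc,
                        "domain": domain, "sample": sample})
    return records


def summarize(records):
    """Count unique victims (by source IP), victims per country, distinct
    variants seen, and the busiest single host's callback count.
    Caveat: NAT and DHCP churn make IP-based victim counts approximate."""
    per_country = defaultdict(set)
    variants = set()
    callbacks = Counter()
    for r in records:
        per_country[r["cc"]].add(r["src"])
        variants.add(r["sample"])
        callbacks[r["src"]] += 1
    by_country = sorted(((cc, len(ips)) for cc, ips in per_country.items()),
                        key=lambda item: (-item[1], item[0]))
    return {"unique_victims": len(callbacks),
            "by_country": by_country,
            "variants": len(variants),
            "max_callbacks": max(callbacks.values(), default=0)}
```

Repeated callbacks from the same host within minutes are the pattern the self-updating behaviour described above would leave in such a log.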

The law enforcement organizations worked with security experts from Intel, Kaspersky and Shadowserver to achieve their goal.

Beebone has more than 5 million unique samples

According to an announcement from Europol on Thursday, the initial infection numbers showed that more than 12,000 machines had been compromised.

It is a small figure compared to past operations, which took down networks of hundreds of thousands of systems, but the botnet's sophistication was notable.

Europol says that, at the moment, there are over 5 million unique samples of Beebone in the wild. Between 2013 and 2014, a total of 23,000 computers received over 205,000 variants of the malware.

“These systems are spread across more than 195 countries, demonstrating the threat’s global reach. The United States reported the greatest number of infections followed by Japan, India and Taiwan,” Europol says.

The Beebone takedown effort was led by the Dutch National High Tech Crime Unit.