Security researchers at ESET, a Slovakia-based endpoint security vendor, announced yesterday evening that, through a collaborative effort with the FBI, Interpol, Europol, and fellow tech company Microsoft, they have taken down the major botnet operation Gamarue. Also known as Wauchos and Andromeda, Gamarue has plagued victims since 2011, stealing credentials and installing malware onto users' servers.
The coordinated takedown effort began on Nov. 29 and concluded with an arrest, according to officials. ESET and Microsoft researchers shared technical analysis, statistical information, and the domains of known command and control (C&C) servers to help disrupt the criminal group's activity. ESET also shared its historical knowledge of Gamarue, gained from continually monitoring the malware and its impact on users over the past few years.
Consequently, ESET and Microsoft were able to closely track Gamarue's botnets for the past year and a half, identifying their C&C servers for takedown and monitoring what was installed on victims' systems. The two companies have since compiled a list of all of the domains the cybercriminals used as C&C servers.
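A shared list of C&C domains like the one described above is most useful to a defender when it is checked against the organisation's own DNS logs. The following is an added example, not code from ESET, Microsoft or the takedown itself; the C&C domains and the log lines are constructed placeholders (not real Gamarue infrastructure), and the BIND-style query log format is an assumption. It matches each queried name against the indicator list by exact label suffix, so subdomains of a listed domain are caught while look-alike names that merely contain an indicator as a substring are not.

```python
"""Match DNS query logs against a list of known C&C domains.

Added example (not ESET's or Microsoft's code). The C&C domains below are
constructed placeholders, not the real Gamarue infrastructure.
"""
import re

# Constructed placeholder indicators standing in for a shared C&C domain list.
CNC_DOMAINS = {
    "cnc-example-one.invalid",
    "update.cnc-example-two.invalid",
}

# Constructed sample lines in a BIND-style query log format (assumption).
SAMPLE_DNS_LOG = """\
01-Dec-2017 09:12:01.123 client 10.0.0.15#51234: query: CNC-Example-One.invalid. IN A +
01-Dec-2017 09:12:02.456 client 10.0.0.22#51235: query: www.example.org. IN A +
01-Dec-2017 09:12:03.789 client 10.0.0.31#51236: query: cdn.update.cnc-example-two.invalid. IN A +
01-Dec-2017 09:12:04.012 client 10.0.0.15#51237: query: notcnc-example-one.invalid. IN A +
"""

# Pull the querying client and the queried name out of one log line.
QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN")


def normalize(domain):
    """Lower-case the name and drop the trailing dot of a fully qualified name."""
    return domain.lower().rstrip(".")


def indicator_match(qname, indicators):
    """Return the indicator that qname equals or is a subdomain of, else None.

    Matching walks label boundaries, so 'notcnc-example-one.invalid' does not
    match the indicator 'cnc-example-one.invalid' the way a substring test would.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan_dns_log(lines, indicators=CNC_DOMAINS):
    """Return (client_ip, queried_name, matched_indicator) for every hit."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        matched = indicator_match(m.group("qname"), indicators)
        if matched:
            hits.append((m.group("client"), normalize(m.group("qname")), matched))
    return hits


if __name__ == "__main__":
    for client, qname, ioc in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"{client} queried {qname} (matches C&C indicator {ioc})")
```

Run against the constructed log, the scan reports two hits (the exact indicator and a subdomain of the second one) and ignores both the benign query and the look-alike name; in practice the indicator set would be loaded from the shared list and the matched client addresses handed to incident response.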
“In the past, Wauchos has been the most detected malware family amongst ESET users, so when we were approached by Microsoft to take part in a joint disruption effort against it, to better protect our users and the general public at large, it was a no-brainer to agree,” said Jean-Ian Boutin, Senior Malware Researcher at ESET.
Part of what makes Gamarue intriguing from a criminal anthropology perspective is that it was sold on dark web forums as a crime kit; the botnet was customizable, allowing the owner to create and use custom plugins. One such plugin allowed the cybercriminal to steal content entered by users in web forms, while another enabled criminals to connect back to and control compromised systems. Its popularity has resulted in a number of independent Gamarue botnets in the wild.
So while the defeat of Gamarue is a positive step, its existence is a sign of more such crime kits and customizable hacking programs to come as hackers become better coordinated and more corporate in structure. Gamarue could be a herald of the future of cybercrime, as we predicted in our 5 Major Cybersecurity Threats of 2018.
Let us hope that these collaborations between law enforcement and endpoint security vendors continue well into the future to combat these new threats.