U.S. and European law enforcement agencies have shut down a highly sophisticated botnet that had infected at least 12,000 computers worldwide, allowing hackers to steal victims’ banking information and other sensitive data.

Law enforcement agencies from the United States, the United Kingdom and the European Union conducted a joint operation to take the botnet down across the globe and seized the command-and-control server that had been used to operate the nasty Beebone (also known as AAEH) botnet.

What’s a Botnet?

A botnet is a network of a large number of computers compromised with malicious software and controlled surreptitiously by hackers without the victims' knowledge.

Basically, a "botnet" is a hacker’s "robot" that does the malicious work directed by hackers.


Hackers and cyber criminals have brushed up their hacking skills and are using botnets as a cyber weapon to carry out multiple crimes such as distributed denial-of-service (DDoS) attacks, mass spamming, advertising revenue manipulation, cyber espionage, bitcoin mining, surveillance, etc.

However, this is not the first time we have heard of a sophisticated botnet being taken down by law enforcement agencies.

Just two months ago, law enforcement took down the Ramnit botnet, which infected over 3.2 million computers worldwide, and last year the FBI and Europol tore down the GameOver Zeus botnet, although it came back a month after it was taken down.

So, what’s new about the Beebone botnet?

Beebone is downloader software (a kind of botnet downloader) that installs other forms of malicious software, including ransomware and rootkits, onto victims' machines without their consent.

The size of the network it infected was not significant, but the operators managed to maintain control of the infected machines over the years by making the Beebone botnet polymorphic in nature, so that it can update itself in order to avoid antivirus detection.

Here’s the Kicker:

The Beebone botnet updates itself as many as 19 times a day, which makes the malware a slightly different threat from all the existing botnets as well as preventing botnet detection.

Once infected, the machines were ordered to "distribute malicious software, harvest users' credentials for online services, including banking services, and extort money from users by encrypting key files and then demanding payment in order to return the data to a readable state," the US Computer Emergency Response Team (US-CERT) said.

5 MILLION UNIQUE SAMPLES OF BEEBONE IN THE WILD

Initial figures show:

Beebone has infected over 12,000 computers, which seems a tiny number compared to past Zeus botnet infections that hit millions of computers across the world.

However, it is believed that there are many more to come. According to Europol, there are currently more than 5 million unique samples of the Beebone botnet in the wild, with over 205,000 samples taken from a total of 23,000 computer systems between 2013 and 2014.

BEEBONE INFECTION WORLDWIDE

The footprint of Beebone botnet is worldwide:

Beebone infections spread across more than 195 countries. Most of the infections are reported in the United States, followed by Japan, India, and Taiwan, said Europol's Deputy Director of Operations, Wil van Gemert.

What’s the best part?

The Federal Bureau of Investigation (FBI) is currently working with other U.S. law enforcement agencies and Europol's European Cybercrime Centre (EC3), the Dutch National High Tech Crime Unit and the Joint Cybercrime Action Taskforce in order to combat Beebone.

Why do botnets re-emerge after being taken down?

The main reason is that the author of the botnet did not get arrested, according to me.
It really doesn’t matter how many domains law enforcement takes down or how many sinkholes security researchers create if the attackers are not arrested…