Microsoft and ESET took down a botnet using a botnet spy


A botnet known as Gamarue had been infecting machines for the better part of six years until it was shut down earlier this week.

Tech firms ESET and Microsoft collaborated with the FBI, Interpol, Europol, and others to execute a coordinated take-down of the malware responsible for spreading the botnet.

The way the take-down was executed reads like something out of a spy novel, albeit a spy novel that involves no human espionage.

Researchers at ESET created a bot that could communicate with Gamarue command and control servers. From there, ESET and Microsoft were able not only to track the botnet but also to locate the aforementioned servers.

“This particular threat has been around for several years now and it is constantly reinventing itself – which can make it hard to monitor. But by using ESET Threat Intelligence and by working collaboratively with Microsoft researchers, we have been able to keep track of changes in the malware’s behavior and consequently provide actionable data which has proven invaluable in these takedown efforts,” said senior malware researcher at ESET, Jean-Ian Boutin.

The operation has led to an arrest and halted the botnet, which reportedly infected 1.1 million systems a month.

[Image – CC 0 Public Domain Pixabay]
