FBI and Europol bring down ‘shapeshifting’ Beebone botnet
If you get an email from your ISP, you’ve been infected.
An international joint operation by several governmental cybercrime-fighting teams and private cybersecurity firms deactivated a particularly sophisticated “shapeshifting” malware Thursday, reports Help Net Security.
By rewriting its own code, the malware, known as Beebone, was able to change its identifying characteristics up to 19 times a day to avoid detection by traditional anti-virus methods.
“Beebone is highly sophisticated. It regularly changes its unique identifier, downloading a new version of itself, and can detect when it is being isolated, studied, or attacked,” Intel Security’s chief technology officer Raj Samani told the BBC. “It can successfully block attempts to kill it.”
Criminals used the Beebone malware to force victims’ computers to download other malicious software, such as “password stealers, ransomware, rootkits, and programs designed to take down legitimate websites,” as the BBC described it.
Beebone peaked at controlling 100,000 computers a day. While the malware wasn’t particularly widespread as viruses go, experts say the sophistication of the software represents a leap forward for cybercriminals.
“In terms of size this is obviously small, but in terms of sophistication, we’re talking about an investment by the criminals,” Samani told the Associated Press.
The Joint Cybercrime Action Taskforce (J-CAT) is an international cooperative initiated by Europol’s European Cybercrime Centre (EC3), the EU Cybercrime Taskforce, the Federal Bureau of Investigation, and the NCA and hosted by EC3 at Europol. Established in September of last year, J-CAT coordinates international investigations to combat cybercrime threats.
J-CAT worked in concert with the FBI and private security firms Intel Security, Kaspersky Labs, and Shadowserver to take down Beebone using a technique called “sinkholing.”
Sinkholing is the process of intercepting traffic from specific IP addresses controlled by cybercriminals and redirecting it to sites controlled by authorities, thereby suspending communication between the malware and its creators. As most of the sites used by the criminals were under U.S. jurisdiction, the FBI assisted in sinkholing almost 100 domains.
Now authorities are asking anyone affected by Beebone to clean up their computers. Security vendors F-Secure, TrendMicro, Symantec, and Intel Security have all created a free tool to remove the malware.
How do you know if you’ve been Beeboned? Samani says victims will be notified by their ISPs.
“This is yet another great example of how Europol’s EC3 is enabling effecting cooperation between law enforcement agencies in different jurisdictions in tackling cybercrime strengths,” Brian Honan, Special Advisor on Internet Security to Europol’s EC3, told Help Net Security.
“It also shows how effective Europol’s EC3 has been in working with private industry to identify and disrupt the infrastructure criminals rely on,” he added. “It is also welcoming to see the inclusion of ISPs and CERTs in the clean-up operation post the botnet takedown.”
Despite bringing down the botnet—a network of commandeered computers used to distribute malware, launch attacks, drain bank accounts, and do other dastardly bidding—no cybercriminals were apprehended by authorities in the operation against Beebone.
But Honan reminds readers it’s “important to note that disrupting the operations and cash flow of criminal gangs can be an effective tactic.”
“Botnet takedowns also send a clear message to criminals that they are not invulnerable, and that law enforcement are increasingly developing their capabilities in this area to detect, disrupt, and to detain those involved in online crime,” Honan said.
H/T BBC | Photo via Fernando Alfonso III
JC Sevcik is a former political contributor to the Daily Dot with a focus on police, social justice, and surveillance. He has also written for United Press International.