FBI and Europol bring down ‘shapeshifting’ Beebone botnet
If you get an email from your ISP, you’ve been infected.
An international joint operation by several governmental cybercrime-fighting teams and private cybersecurity firms deactivated a particularly sophisticated “shapeshifting” malware Thursday, reports Help Net Security.
By rewriting its own code, the malware, known as Beebone, was able to change its identifying characteristics up to 19 times a day to avoid detection by traditional anti-virus methods.
“Beebone is highly sophisticated. It regularly changes its unique identifier, downloading a new version of itself, and can detect when it is being isolated, studied, or attacked,” Intel Security’s chief technology officer Raj Samani told the BBC. “It can successfully block attempts to kill it.”
Criminals used the Beebone malware to force victims’ computers to download other malicious software, such as “password stealers, ransomware, rootkits, and programs designed to take down legitimate websites,” as the BBC described it.
Beebone peaked at controlling 100,000 computers a day. While the malware wasn’t particularly widespread as viruses go, experts say the sophistication of the software represents a leap forward for cybercriminals.
“In terms of size this is obviously small, but in terms of sophistication, we’re talking about an investment by the criminals,” Samani told the Associated Press.
The Joint Cybercrime Action Taskforce (J-CAT) is an international cooperative initiated by Europol’s European Cybercrime Centre (EC3), the EU Cybercrime Taskforce, the Federal Bureau of Investigation, and the NCA and hosted by EC3 at Europol. Established in September of last year, J-CAT coordinates international investigations to combat cybercrime threats.
J-CAT worked in concert with the FBI and private security firms Intel Security, Kaspersky Labs, and Shadowserver to take down Beebone using a technique called “sinkholing.”
Sinkholing is the process of intercepting traffic that infected computers send to specific IP addresses and domains controlled by cybercriminals and redirecting it to servers controlled by authorities, thereby suspending communication between the malware and its creators. As most of the sites used by the criminals were under U.S. jurisdiction, the FBI assisted in sinkholing almost 100 domains.
Now authorities are asking anyone affected by Beebone to clean up their computers. Security vendors F-Secure, TrendMicro, Symantec, and Intel Security have all created a free tool to remove the malware.
How do you know if you’ve been Beeboned? Samani says victims will be notified by their ISPs.
“This is yet another great example of how Europol’s EC3 is enabling effective cooperation between law enforcement agencies in different jurisdictions in tackling cybercrime strengths,” Brian Honan, Special Advisor on Internet Security to Europol’s EC3, told Help Net Security.
“It also shows how effective Europol’s EC3 has been in working with private industry to identify and disrupt the infrastructure criminals rely on,” he added. “It is also welcoming to see the inclusion of ISPs and CERTs in the clean-up operation post the botnet takedown.”
Despite bringing down the botnet—a network of commandeered computers used to distribute malware, launch attacks, drain bank accounts, and do other dastardly bidding—no cybercriminals were apprehended by authorities in the operation against Beebone.
But Honan reminds readers it’s “important to note that disrupting the operations and cash flow of criminal gangs can be an effective tactic.”
“Botnet takedowns also send a clear message to criminals that they are not invulnerable, and that law enforcement are increasingly developing their capabilities in this area to detect, disrupt, and to detain those involved in online crime,” Honan said.
H/T BBC | Photo via Fernando Alfonso III
JC Sevcik is a former political contributor to the Daily Dot with a focus on police, social justice, and surveillance. He has also written for United Press International.