Shape-Shifting ‘Beebone’ Malware Taken Down by Europol and the FBI

/ 2 years ago


It looks like a shape-shifting malware that was able to change its identity up to 19 times a day to avoid detection has been put to rest by Europe’s Cybercrime Centre and the FBI.

The malware dubbed ‘Beebone’ is said to have been controlling 100,000 computers at its peak back in September 2014 and was used to download other programs on the infected computer. The malware is estimated to have made 12,000 victims, who are now asked to clean up their PCs using latest anti-malware and anti-virus programs.

Beebone has been said to download password stealers, ransomware, rootkits, and programs designed to take down legitimate websites on the affected computers.

“Beebone is highly sophisticated. It regularly changes its unique identifier, downloading a new version of itself, and can detect when it is being isolated, studied, or attacked.” Raj Samani, Intel Security Chief Technology Officer stated.”It can successfully block attempts to kill it.”

Almost 100 .net, .com, and .org domains have been ‘sinkholed’ by the Joint Cybercrime Action Taskforce in order to redirect the attackers’ traffic and intercept requests for further instructions made by the malicious software.

The FBI has also assisted in redirecting the traffic for most of the sites due to the fact that most of the sites used were operated from the United States.

However, this is not a permanent solution for the malware in question. This is why Paul Gillen, head of operations at the European Cybercrime Centre, urges both agencies to look into finding those responsible and bringing them to justice.

“We can’t sinkhole these domains forever. We need those infected to clean up their computers as soon as possible.” Paul Gillen told the BBC.

Even with the attackers in custody, the malware is still out there on unsuspecting victims’ PC. This is where Raj Samani comes in and stated that those who have the malware “will be notified by their internet service provider”.

ISPs in each affected country will be handed a list of suspected victims to contact by the task force. Also, a free removal tool has been issued by software security firms in order to deal with the malware at hand, including F-Secure, TrendMicro, Symantec and Intel Security.

Thank you BBC for providing us with this information

Topics: , , , , , , , , , , , , , , , ,