​International cybersquad takes down ‘Beebone’ botnet

A newly-assembled international coalition of cyber cops says it’s hijacked a network of compromised computers that had been used by criminals to spread malicious software among at least 12,000 infected machines worldwide.

The Joint Cybercrime Action Taskforce—an agency launched last year in partnership with law enforcement from the United States, United Kingdom and the European Union—said on Thursday this week that it’s seized the command-and-control server that had been used to operate the so-called ‘Beebone’ botnet.

By taking control of the server, authorities can now keep the botnet’s administrators from using a vast network of hacked computers to launch attacks. Security experts say that upwards of 12,000 machines have already been compromised since 2009, however, and that the operators of the zombie network had executed malicious programs through those computers to steal user data, including passwords and financial information.

Infected machines, according to the US Computer Emergency Response Team (US-CERT), could be ordered to “distribute malicious software, harvest users' credentials for online services, including banking services, and extort money from users by encrypting key files and then demanding payment in order to return the files to a readable state.” The compromised machines would download and run other malicious program, including ransomware and rootkits, and then rapidly change form after an infection in order and before spreading in order to evade detection.

Created in September 2014, the Joint Cybercrime Action Taskforce was assembled by the US Federal Bureau of Investigation, the National Crime Agency of the UK and Europol, among others, in an effort to tackle widespread web crime.

According to the BBC, the FBI was involved in redirecting traffic from the malicious domains used to control the botnet since those sites mostly fell under US jurisdiction, and that the takedown was conducted with the help of private security firms Intel, Kaspersky Labs and Shadowserver.

We've taken down the #Beebone polymorphic #botnet, which facilitated #malware downloads via W32/Worm-AAEH: http://t.co/YjnN5XfKhg

— McAfee Labs (@McAfee_Labs) April 9, 2015

“This successful operation shows the importance of international law enforcement working together with private industry to fight the global threat of cybercrime,” Europol Deputy Director of Operations Wil van Gemert said in a statement.

Raj Samani, an advisor for Europol, told the Associated Press on Wednesday that the shape-shifting mechanism of the malware spread by the botnet made taking control of the network a tough feat to accomplish.

"From a techie's perspective, they made it as difficult as they possibly could for us," he told the AP.

“The botnet does not seem the most widespread, however the malware is a very sophisticated one, allowing multiple forms of malware to compromise the security of the victims’ computers,” Europol said in a statement dispatched by the agency’s headquarters in The Hague this week.

New Blog by me - Takedown! McAfee Labs Stops Beebone Polymorphic Botnet - McAfee: https://t.co/r8pVm1bs6a#Beebone#botnet

— Raj Samani (@Raj_Samani) April 9, 2015

In its report, AP acknowledged that “Botnet is the term applied to networks of hijacked machines which criminals or security agencies use to spread malicious software, empty bank accounts and launch attacks.” Indeed, documents disclosed by Edward Snowden, a former contractor for the US National Security Agency, revealed last year that the NSA ran a “highly successful” botnet for spying purposes.

In January, the White House proposed changes to the US Computer Fraud and Abuse Act that would incorporate new rules to target the sellers of botnets with penalties under the CFAA.