Police Stop Andromeda Botnet and Free 1.3 Million Hijacked Computers

Dec 5, 2017

After the big blow against the Avalanche botnet exactly one year ago, the public prosecutor's office in Verden has now announced a new investigative success: in cooperation with the FBI, the prosecutors from Lower Saxony have switched off the botnet that was used to distribute the malicious software Andromeda.


Investigators of the Central Crime Inspectorate Lueneburg, working under the direction of the Verden public prosecutor's office, officially announced the blow against the global botnet today. According to the announcement, in a coordinated action on Wednesday of last week the botnet itself was switched off, freeing over 1.3 million hijacked computers, and initial arrests were carried out. The action ran under the code name "Takedown 2". According to the press release of the Verden public prosecutor's office, malicious software called Andromeda, which is linked to banking Trojans and general identity theft, was distributed via the botnet.

“The infection of the victim system with the malicious software Andromeda takes place on the one hand by e-mail, which contains a faulty link. On clicking on the link the victims load a Microsoft Office document on their computer, with which they are asked to download. On the other hand, the infection can be made via so-called drive-by exploits, which are on compromised banners or websites, mainly those with questionable content (pornography, illegal sales, copyright infringement through video streaming, etc.),” the prosecutor now clarifies.

The investigation into the botnet was started about two years ago together with Microsoft. A suspect has now been arrested in Belarus. During the search of his apartment, the investigators confiscated incriminating material. Seven control servers in six different countries were also confiscated or shut down. “In addition, 1,500 domains of the malicious software Andromeda are subject to a so-called sinkholing measure,” said the prosecutor. As a result, last Wednesday alone, 1.35 million IT systems were identified that were infected with the Andromeda malware. The BSI has informed the affected persons accordingly and provides tips on its website for identifying infected systems.

