Microsoft on Thursday revealed additional details about the notorious Gamarue botnet, which was considered one of the world’s largest malware operations until it was disrupted late last year.
Gamarue, also known as Andromeda, is a vast and dangerous network of infected computers operated by cybercriminals for profit. The infected machines communicated with servers controlled by Gamarue to spread malware and harness click-bait fraud.
Microsoft said in its 23rd Security Intelligence Report that the takedown of the Gamarue botnet illustrates the relentless measures cybercriminals are willing to take to distribute ransomware and to steal and sell personal data.
In 2015, Microsoft’s security teams began analyzing more than 44,000 malware specimens, revealing Gamarue’s “sprawling infrastructure,” according to the report. The security teams shared with law enforcement more than 1,200 IP addresses for servers controlled by the Gamarue botnet, as well as 464 individual botnets trolling the web and trying to deploy malware from more than 80 different families.
The FBI and law enforcement officials across the globe took down the botnet on Nov. 29. Microsoft said Gamarue had been responsible for spreading a series of destructive malware strains since 2011, including the Petya and Cerber ransomware families as well as Kasidet, which was deployed for DDoS attacks.
Microsoft said in Thursday’s report that, like other botnets and exploits, Gamarue has been available on the black market as a sort of cybercrime-in-a-box kit. Components that could be added to Gamarue include a bot-builder and a PHP-based dashboard that allows hackers to oversee and control their bots.
Additional plug-ins include a keylogger for $150; a “formgrabber,” which, for $250, siphons data from browser web forms; and a “teamviewer,” which enables an attacker to remotely control and spy on a victim’s desktop while snatching files and other data.
Microsoft noted in the report that hobbling Gamarue caused a ripple effect, further constricting the distribution of 80 additional malware families. Once Gamarue had been disrupted, Microsoft said it noted a 30 percent decrease in the number of Gamarue victims worldwide.