April 9, 2015

FBI Works with Foreign Partners to Target Botnet

On April 8, 2015, the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force-International Cyber Crime Coordination Cell (IC4) coordinated with the Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), and the Dutch National High Tech Crime Unit, along with private sector partners in their targeted takedown of the Beebone (also known as AAEH) botnet. Beebone acted as a “downloader,” which installed other forms of malicious software on victims’ computers without their consent or knowledge. The secondary infections installed by Beebone include software that steals banking logins and passwords, as well as fraudulent anti-virus software and ransomware.

Investigators are in the process of determining the number of victims in the United States and around the world that have been impacted by this botnet.

The FBI, working with foreign partners, and the U.S. Attorney’s Office for the Southern District of New York and the Computer Crime and Intellectual Property Section within the Department of Justice seized approximately 100 domain names used by the botnet.

As a result of the court-authorized domain seizures, computers infected with Beebone will no longer report to the criminals responsible for the infection. Instead, infected computers will be redirected to a sinkhole server operated by EC3, which will facilitate victim identification and remediation.

FBI Assistant Director for Cyber Joseph Demarest, Jr. said, “Botnets like Beebone have victimized users worldwide, which is why a global law enforcement team approach working with the private sector is so important. The FBI is proud to join with our partners at Europol’s European Cybercrime Centre, the Joint Cybercrime Action Taskforce (J-CAT), and the Dutch National High Tech Crime Unite to defeat malicious botnets that have the potential to impact thousands.”

Computer users can view mitigation options at the US-CERT website: https://www.us-cert.gov/aaeh

It is recommended that computer users:

  • Use and maintain anti-virus software—Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
  • Change your passwords—Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
  • Keep your operating system and application software up-to-date—Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
  • Use anti-malware tools—Using a legitimate program that identifies and removes malware can help eliminate an infection.