FBI and Foreign Partners Target Botnet Affecting Victims Worldwide

Stock image of several linked computers.


A coordinated international law enforcement and private-sector cyber effort has resulted in the takedown of a botnet known as Beebone—a “downloader” that allowed other forms of malicious software to be installed on victims’ computers without their consent or knowledge.

The secondary infections installed by Beebone—also known as AAEH—include software that steals banking logins and passwords as well as fraudulent anti-virus software and ransomware. This botnet has impacted users around the world.

The international coalition working against Beebone includes the FBI, the National Cyber Investigative Joint Task Force, Europol’s European Cybercrime Centre, the Joint Cybercrime Action Taskforce, the Dutch National High Tech Crime Unit, and private-sector partners.

Working with the U.S. Attorney’s Office for the Southern District of New York and the Computer Crime and Intellectual Property Section within the Department of Justice, the FBI seized approximately 100 domain names used by the botnet. As a result of those domain seizures, computers infected with Beebone will no longer report to the criminals responsible for the infection. Instead, infected computers will be redirected to a secure server operated by Europol’s European Cybercrime Centre, which will facilitate victim identification and remediation.

“Botnets like Beebone have victimized users worldwide, which is why a global law enforcement team approach working with the private sector is so important,” said FBI Cyber Division Assistant Director Joseph Demarest, Jr.

Computer users can check mitigation options at the U.S. Computer Emergency Readiness Team (US-CERT) website: https://www.us-cert.gov/aaeh

It is recommended that computer users:

  • Use and maintain anti-virus software, which recognizes and protects computers against most known viruses.
  • Change passwords. Current passwords may have been compromised during a Beebone infection.
  • Keep your operating system and application software up-to-date. Enable automatic updates if the option is available.
  • Use legitimate anti-malware tools to identify and remove malware.