World coalition attacks botnet infecting 12,000

Elizabeth Weise | USA TODAY

An international coalition of cybercrime agencies is working to take down a major botnet that has installed malware on the computers of over 12,000 Americans and Asians.

Called Beebone, the botnet acts as a "downloader," installing other forms of malware on victims' computers without their consent or even awareness, Europol's European Cybercrime Centre said.

Initial figures show that over 12,000 computers have been infected, however it is likely there are many more.

The United States reports the greatest number of infections followed by Japan, India and Taiwan, said Europol's Deputy Director of Operations, Wil van Gemert.

Once the botnet has installed malware on a computer, it allows cyber criminals steal banking logins and passwords, create fake anti-virus programs and activate ransomware.

Botnets are networks of private computers infected with malicious software and controlled surreptitiously by criminals. Victims seldom realize they have been infected. The term "botnet" comes from a "robot network" of computers.

U.S. government groups are involved, as are Europe's Joint Cybercrime Action Taskforce and the Dutch National High Tech Crime Unit.

They are teaming up with computer security companies including Intel Security, Kaspersky and Shadowserver.

Beebone, sometimes called AAEH, first emerged in 2013.

To thwart the network, the coalition has seized 100 domain names used by the botnet and is redirecting traffic from them to internet service providers and country-level Computer Emergency Response Teams internationally, so victims can be informed that their computers might have been compromised

Called "sinkholing," registering, suspending or seizing all domain names with which the malware communicates renders it harmless.

Several companies have released programs to clear the software from users' computers, including F-Secure, Intel Security, Symantec and TrendMicro, Europol said.