What remains of the Andromeda botnet that was largely dismantled in a November 2017 global law enforcement operation will probably "slowly disappear" as remediation continues into 2018, predicted one cyber-security company that assisted in the investigation.
In a 4 January company blog post, ESET Senior Malware Researcher Jean-Ian Boutin offered key insights into the global crackdown on Andromeda, aka Wauchos and Gamarue, which resulted in the sinkholing of 1,500 malicious domains, the arrest of a suspect in Belarus, and the identification and capture of roughly two million unique victim IP addresses in 223 countries.
Boutin's outlook on the bot was a relatively optimistic one: "For this type of long-lived botnet, it is very hard to clean all the systems that have been compromised by Wauchos," he explained, "but as long as the good guys are in control of the C&C servers, at least no new harm can be done to those compromised PCs."
ESET began assisting Europol, the FBI, and other global authorities back in 2015, providing technical support by analysing malware and pinpointing botnet command-and-control servers. "As this threat was sold in underground forums, it was important to make sure that all Wauchos C&C servers were identified and taken down simultaneously. We helped with this effort through our botnet tracker system," said Boutin.