Slovak cybersecurity firm participated in global operation to disrupt malware system

Eset monitored malware and its impact on users over several years

(Source: Sme)

Security researchers at the Slovak cybersecurity company Eset, in collaboration with Microsoft and law enforcement agencies, have taken down a major botnet operation known as Gamarue, which has been infecting victims since 2011. The coordinated take-down started on November 29 and as a result of this joint effort, law enforcement agencies, including the Federal Bureau of Investigation (FBI), Interpol, Europol, and other stakeholders in cybersecurity across the globe, were able to make an arrest and obstruct the activity of the malware family responsible for infecting more than 1.1 million systems a month.

“In the past, Wauchos and Gamarue was the most detected malware family amongst Eset users, so when we were approached by Microsoft to take part in a joint disruption effort against it to better protect our users and the general public at large, it was a no-brainer to agree,” said Jean-Ian Boutin, Senior Malware Researcher at Eset, as cited in the press release of the Slovak company.

This particular threat has been around for several years now and it is constantly reinventing itself – which can make it hard to monitor, he added. The researchers used the Eset Threat Intelligence service and, by working collaboratively with Microsoft researchers, were able to keep track of changes in the malware’s behaviour and consequently provide actionable data that has proven invaluable in the takedown efforts.

Eset and Microsoft researchers shared a technical analysis, statistical information, and known command and control (C&C) server domains to help disrupt the malicious activity of the group. Eset also shared its historical knowledge of Gamarue, gained from the continual monitoring of the malware and its impact on users over the past few years.

What is Gamarue?

Created by cybercriminals in September 2011, and sold as a crime-kit on the Dark Web in underground forums, the purpose of the Gamarue family was to steal credentials as well as download and install additional malware onto users’ systems, explains Eset in its press release.

This malware family is a customisable bot, which allows the owner to create and use custom plugins. One such plugin allows the cybercriminal to steal content entered by users in web forms while another enables criminals to connect back and control compromised systems, explained Eset in its press release.

Its popularity has resulted in a number of independent Gamarue botnets in the wild.

Eset found that its samples have been distributed across the globe through social media, instant messaging, removable media, spam, and exploit kits.
