On April 8 something happened that may have far-reaching implications for the fight against cybercrime and malware. No, it wasn’t the recent Fidelis Threat Advisory on the AlienSpy RAT. The event that I’m talking about was an international coalition of cybercrime fighters coming together to rid the Internet of a particularly nasty botnet named Beebone (also known as AAEH) in what has been dubbed Operation Source.
Before we get into the coalition and what it means, let’s take a quick look at Beebone and what it can do.
Beebone is particularly nefarious because it was designed to use polymorphic worm capabilities to ensure that it remains on an infected host network. In other words, Beebone rewrites its own code so that each copy has a different structure, and then automatically spreads to other vulnerable machines on the victim network. Beebone itself is a downloader that uses botnet Command and Control (C2) to further infect its victim hosts with additional types of malware such as rootkits, ransomware, password stealers, and other nastiness. Beyond its host-based polymorphism, the authors of Beebone were releasing a multitude of new variants of the malware daily, each sufficiently different to make detection by traditional antivirus difficult.
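To make the detection point concrete, here is an added illustration (my own example, not code from the original post or from any Beebone analysis) of why per-variant hash signatures lose against a family that ships new builds daily, while detection keyed on behaviour that every variant must keep, such as its C2 host strings and its download-then-execute API sequence, survives the repacking. The "samples" are constructed byte strings with placeholder values, not real Beebone bytes or indicators.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

# Constructed, hypothetical traits shared by every "variant" in this demo.
# The host is a placeholder (.invalid TLD), not a real indicator.
C2_HOST = b"c2.example.invalid"
API_SEQ = [b"InternetOpenUrlA", b"WriteFile", b"CreateProcessA"]


def build_sample(padding: bytes, api_order: Iterable[bytes]) -> bytes:
    """Build a fake downloader image: header, variant-specific filler,
    then the invariant API names and C2 host as NUL-separated strings."""
    return (b"MZ" + padding + b"\x00"
            + b"\x00".join(api_order) + b"\x00"
            + C2_HOST + b"\x00")


# Three daily "builds": byte-for-byte different, behaviourally identical.
SAMPLES: Dict[str, bytes] = {
    "variant_a": build_sample(b"\x90" * 8, API_SEQ),
    "variant_b": build_sample(b"\xcc" * 16, API_SEQ),
    "variant_c": build_sample(b"\x41" * 4, API_SEQ),
}
# A benign image that calls none of the traits above.
BENIGN = b"MZ" + b"\x00" * 8 + b"GetVersionExA\x00"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature-style detection: a blocklist seeded from the one variant the
# vendor happened to capture (variant_a). Tomorrow's build is not in it.
KNOWN_HASHES = {sha256(SAMPLES["variant_a"])}


def hash_detect(data: bytes) -> bool:
    return sha256(data) in KNOWN_HASHES


def extract_strings(data: bytes, min_len: int = 6) -> List[bytes]:
    """Return printable-ASCII runs of at least min_len bytes (like `strings`)."""
    out, cur = [], bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                out.append(bytes(cur))
            cur = bytearray()
    if len(cur) >= min_len:
        out.append(bytes(cur))
    return out


def behaviour_detect(data: bytes) -> bool:
    """Flag a sample that carries the invariant traits: the C2 host string
    and the download-then-execute API names, in that order."""
    strings = set(extract_strings(data))
    if C2_HOST not in strings or not all(api in strings for api in API_SEQ):
        return False
    offsets = [data.find(api) for api in API_SEQ]
    return offsets == sorted(offsets)  # sequence order preserved


def evaluate() -> Dict[str, Tuple[bool, bool]]:
    """Map sample name -> (hash_detect, behaviour_detect)."""
    corpus = dict(SAMPLES, benign=BENIGN)
    return {name: (hash_detect(d), behaviour_detect(d)) for name, d in corpus.items()}


def distinct_hashes() -> int:
    """How many unique hashes the three variants produce (one per build)."""
    return len({sha256(d) for d in SAMPLES.values()})


if __name__ == "__main__":
    for name, (by_hash, by_behaviour) in evaluate().items():
        print(f"{name:10s} hash={by_hash!s:5s} behaviour={by_behaviour}")
```

Running it shows the hash blocklist catching only the variant it was built from, while the behaviour check flags all three builds and leaves the benign image alone; the same idea is what lets host-based indicators (C2 traffic, the dropper's execution chain) keep working when the file hash changes every day.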