    Archive for March 11th, 2013

    The Andromeda botnet – first spotted in late 2011 – has recently resurfaced. This threat arrives via a familiar means: spammed messages with malicious attachments or links to compromised websites hosting Blackhole Exploit Kit (BHEK) code. Here is one spam message we saw recently:


    Figure 1. Sample spammed message

    Andromeda itself is highly modular, and can incorporate various modules, such as:

    • Keyloggers
    • Form grabbers
    • SOCKS4 proxy module
    • Rootkits

    As is typical of backdoors, it can download and execute other files like ZeuS, as well as update and remove itself if needed. Typically, variants of the Andromeda malware can be bought online for 300-500 US dollars. However, each of the plugins mentioned above costs an extra sum of money. The most recent version number we have identified is version 2.60. Based on our Smart Protection Network feedback below, the countries most affected by this threat are Australia, Turkey, and Germany:


    Figure 2. Andromeda infection count from January to February 25, 2013


    Posted in Botnets, Malware | Comments Off on Andromeda Botnet Resurfaces


    © Copyright 2013 Trend Micro Inc. All rights reserved.