Law enforcement has dismantled the Andromeda malware family

This malware family refers to variants consisting of backdoors that are tied to the ANDROMEDA botnet. The botnet was first spotted in late 2011.

Law enforcement has dismantled the Andromeda malware family, which has been infecting computers since 2011. With the help of partners—including the FBI, Microsoft, and others—Europol intercepted the internet traffic between Andromeda-infected computers and the command servers with which the malware communicated. All that traffic was then “sinkholed” and redirected to servers under the investigators’ control, giving law enforcement a detailed view of the malware’s activities. “According to Microsoft, during 48 hours of sinkholing, approximately 2 million unique Andromeda victim IP addresses from 223 countries were captured,” Europol said.

Andromeda infections happened through attachments from spam email campaigns, tainted downloads from bootleg media websites, and exploit kits running on hacked websites, according to security firm Avast. Once a computer was infected, Andromeda also acted as a keylogger or a form grabber to steal user IDs and passwords. In addition, it could remotely take control of a PC.

“Andromeda was also sometimes used to download up to 80 other malware families onto infected victim computers,” according to The Shadowserver Foundation, a group of security experts that also helped dismantle the Andromeda botnet.

The main targets of the malware include North America, Asia, and Romania, among others.

Security firm ESET has a free tool that anyone can use to check if they have Andromeda (also known as Wauchos) secretly running on their computer. Systems found infected with Andromeda tend to contain other malware, according to security researchers.

ESET also noted that Andromeda was sold to cyber criminals in underground internet forums. “There is always a possibility that someone will reuse the Andromeda kit to build a new botnet,” the company said in an email.

_______________________________________________________________________

For the original content, please visit: Andromeda Botnet Shut Down

McAfee to buy Campbell cybersecurity company last valued at about $400M

Today McAfee announced that it has agreed to acquire the cybersecurity business Skyhigh Networks Inc.; the amount has not yet been disclosed.

Campbell-based Skyhigh had raised more than $106 million in venture funding and was valued at about $400 million after its last round in 2016, according to PitchBook Data. Its investors include Thomvest Ventures, Sequoia Capital, Greylock Partners and Salesforce Ventures.

The move came roughly eight months after McAfee was spun out of Intel Corp. Intel got $3.1 billion but kept a 49 percent stake in the new company.

“Skyhigh Networks had the foresight five years ago to realize that cybersecurity for cloud environments could not be an impediment to, or afterthought of, cloud adoption,” Young said in the deal’s announcement. “They pioneered an entirely new product category called cloud access security broker (CASB) that analysts describe as one of the fastest growing areas of information security investments of the last five years – where Skyhigh continues to innovate and lead.”

Gupta said of the deal: “McAfee will provide global scale to further accelerate Skyhigh’s growth, with the combined company providing leading technologies and solutions across cloud and endpoint security – categories Skyhigh and McAfee respectively helped create, and the two architectural control points for enterprise security.”

___________________________________________________________________________________

For the original content, please visit: https://www.bizjournals.com/sanjose/news/2017/11/27/mcafee-to-buy-skyhigh-networks.html?ana=e_me_set1&s=newsletter&ed=2017-11-27&u=J%2BnMUGqJ76RaytOwAEIZRA05b0c11e&t=1511810588&j=79241841