The Andromeda botnet – first spotted in late 2011 – has recently resurfaced. This threat arrives via a familiar means: spammed messages with malicious attachments or links to compromised websites hosting Blackhole Exploit Kit (BHEK) code. Here is one spam message we saw recently:
<
Click on Source>
Andromeda itself is highly modular, and can incorporate various modules, such as:
- Keyloggers
- Form grabbers
- SOCKS4 proxy module
- Rootkits
<
Click on Source>
The top affected countries of this threat are Australia, Turkey, and Germany based on our Smart Protection Network feedback below:
<
Click on Source>
