Pan-European law enforcement group Europol announced Monday that an international coalition including the FBI had dismantled the massive Andromeda botnet and arrested a suspect as part of its investigation.
Botnets rope together vast arrays of malware-infected computers into a network the operators can exploit. Andromeda was particularly nasty: according to the Europol press release announcing the action, Andromeda was blocked or detected on a million different machines a month.
The goal of Andromeda appears to have been to distribute malware to other computers.
Authorities arrested a suspect in Belarus. No additional details have been issued about the suspect.
Andromeda was used in the Avalanche network, which authorities took down in 2016. The coalition investigating and mitigating Avalanche included Europol and other European law enforcement agencies, the FBI, the Luneburg Central Criminal Investigation Inspectorate in Germany, ICANN, the German Federal Office for Information Security and private-sector partners such as Microsoft.
Andromeda was thwarted by disabling more than 1,500 command and control domains used to coordinate the botnet’s actions. Officials rerouted all traffic from infected computers to sinkholes, servers under the coalition's control that log the contact attempts instead of delivering commands. In under 48 hours, the coalition rerouted attempts to contact the command and control servers from more than 2 million internet addresses.
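As an added illustration of how a sinkhole operator measures the reach of an infection like this (example code, not from the article, Europol or the FBI), the Python below counts distinct addresses that tried to reach seized domains within a 48-hour window; the log format, domain names and addresses are constructed placeholders.

```python
"""Aggregate sinkhole hits the way a takedown coalition measures reach."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sinkhole log lines: "<ISO timestamp> <source IP> <queried domain>"
SINKHOLE_LOG = """\
2017-11-29T10:00:00 203.0.113.5 c2-placeholder-1.example
2017-11-29T10:00:01 203.0.113.7 c2-placeholder-1.example
2017-11-29T11:30:00 203.0.113.5 c2-placeholder-2.example
2017-11-30T08:15:00 198.51.100.9 c2-placeholder-1.example
2017-11-30T23:59:00 198.51.100.9 update.example
2017-12-02T12:00:00 192.0.2.44 c2-placeholder-2.example
"""

# Constructed stand-in for the list of seized command-and-control domains.
SEIZED_DOMAINS = {"c2-placeholder-1.example", "c2-placeholder-2.example"}


def parse_line(line):
    """Split one constructed log line into (timestamp, source IP, domain)."""
    ts, src, domain = line.split()
    return datetime.fromisoformat(ts), src, domain


def summarize(log_text, seized, start, window=timedelta(hours=48)):
    """Return (set of distinct source addresses, per-domain address sets)
    for lookups of seized domains observed within `window` after `start`.
    Lookups of non-seized domains (ordinary traffic) are ignored, as are
    hits outside the window, so the count is comparable to a '48 hour'
    figure like the one the coalition reported."""
    end = start + window
    per_domain = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, domain = parse_line(line)
        if domain not in seized or not (start <= ts < end):
            continue
        per_domain[domain].add(src)
    all_sources = set().union(*per_domain.values()) if per_domain else set()
    return all_sources, dict(per_domain)


if __name__ == "__main__":
    infected, by_domain = summarize(
        SINKHOLE_LOG, SEIZED_DOMAINS, datetime(2017, 11, 29, 10, 0, 0))
    print(f"{len(infected)} distinct addresses reached seized domains")
    for domain, sources in sorted(by_domain.items()):
        print(f"  {domain}: {len(sources)} addresses")
```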