“The infection of the victim system with the malicious software Andromeda takes place, on the one hand, by e-mail containing a faulty link. On clicking the link, the victims load a Microsoft Office document onto their computer, which asks them to download. On the other hand, the infection can take place via so-called drive-by exploits placed on compromised banners or websites, mainly those with questionable content (pornography, illegal sales, copyright infringement through video streaming, etc.),” the prosecutor now clarifies.
The investigation of the botnet was started about two years ago together with Microsoft. A suspect has now been arrested in Belarus. During the search of his apartment, the investigators seized incriminating material. Seven command-and-control servers in six different countries were also seized or shut down. “In addition, 1,500 domains of the malicious software Andromeda are subject to a so-called sinkholing measure,” said the prosecutor. As a result, on last Wednesday alone, 1.35 million IT systems were identified that were infected with the Andromeda malware. The BSI has informed the affected parties accordingly and provides tips on its website for identifying infected systems.