Andromeda
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 60 % (Medium) |
Infected Computers: | 3,388 |
First Seen: | May 24, 2012 |
Last Seen: | June 26, 2019 |
OS(es) Affected: | Windows |
The Andromeda botnet is a large botnet that uses a bot malware infection that allows criminals to control simultaneously thousands of infected computer systems. The Andromeda bot software is distributed on private forums frequented by computer criminals and that its original coder hides behind the online pseudonym 'Waahoo'. There have been various malware campaigns linked in some way to the Andromeda botnet in recent years, including large-scale worm campaigns distributed through Facebook private messages and known scams involving rogue security programs, also distributed through social networks and phishing email messages.
Table of Contents
What the Andromeda Bot Malware is Able to Do
The software used to carry out Andromeda is a modular bot, meaning that it can be used to create numerous types of botnets with different capabilities, according to the intentions of the criminals operating the botnet in question. The modules or plug-ins used to expand the capabilities of Andromeda can be installed at any times, expanding or diminishing the Andromeda botnet's possibilities at will. Some of the characteristics of the Andromeda botnet include the following:
- It can support any number of malicious domains, allowing criminals to expand indiscriminately.
- The exchanges between the infected computer and the Control and Command server are encrypted with RC4, meaning that it becomes much more difficult than normal for PC security researchers to catch these messages in order to know more about the criminal's activities.
- Andromeda is easy to configure, meaning that even criminals with relatively little experience can set up an effective botnet if they have enough money to purchase this malware.
- In fact, the Andromeda malware uses a user-friendly console that allows criminals to keep detailed statistics of their attacks and the location and activities of all computer systems in the Andromeda botnet.
Once installed, Andromeda is designed to hide in the victim's computer, not displaying error messages or pop-ups nor activating the victim's anti-virus software if it has not been updated. Andromeda malware has several characteristics that allow Andromeda to protect itself from many anti-malware programs. Andromeda injects its code into legitimate memory processes, meaning that Andromeda will not appear in the Task Manager. Computer systems using versions of the Windows OS from Windows XP to Windows 7 are vulnerable to an Andromeda-related attack (this includes 64-bit operating systems).
SpyHunter Detects & Remove Andromeda
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | 6e745dw6rg7t8itu.exe | bc90c938bc1170444a691cdc04ec733e | 3,361 |
2. | loader.exe | 40c0c45bd9741ef0f9d2ff972d0b8d75 | 19 |
3. | mszjeb.exe | 0e9c6292025426164fc32f2413a84846 | 2 |
4. | file.exe | 40a5dd7fd8a1d9a2027070db784440f7 | 0 |
5. | file.exe | a552672bb61d5feb95ba4405dea1f1b0 | 0 |
6. | file.exe | 80b83653242f7ff134d60e3e7f264019 | 0 |
7. | file.exe | b2e826c55a437e528d846b90d5aa743b | 0 |
8. | file.exe | f7d45793226820996c9b3642f644bebb | 0 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.