The Andromeda botnet is a large botnet that uses a bot malware infection that allows criminals to control simultaneously thousands of infected computer systems. The Andromeda bot software is distributed on private forums frequented by computer criminals and that its original coder hides behind the online pseudonym 'Waahoo'. There have been various malware campaigns linked in some way to the Andromeda botnet in recent years, including large-scale worm campaigns distributed through Facebook private messages and known scams involving rogue security programs, also distributed through social networks and phishing email messages.
What the Andromeda Bot Malware is Able to Do
The software used to carry out Andromeda is a modular bot, meaning that it can be used to create numerous types of botnets with different capabilities, according to the intentions of the criminals operating the botnet in question. The modules or plug-ins used to expand the capabilities of Andromeda can be installed at any times, expanding or diminishing the Andromeda botnet's possibilities at will. Some of the characteristics of the Andromeda botnet include the following:
- It can support any number of malicious domains, allowing criminals to expand indiscriminately.
- The exchanges between the infected computer and the Control and Command server are encrypted with RC4, meaning that it becomes much more difficult than normal for PC security researchers to catch these messages in order to know more about the criminal's activities.
- Andromeda is easy to configure, meaning that even criminals with relatively little experience can set up an effective botnet if they have enough money to purchase this malware.
- In fact, the Andromeda malware uses a user-friendly console that allows criminals to keep detailed statistics of their attacks and the location and activities of all computer systems in the Andromeda botnet.
Once installed, Andromeda is designed to hide in the victim's computer, not displaying error messages or pop-ups nor activating the victim's anti-virus software if it has not been updated. Andromeda malware has several characteristics that allow Andromeda to protect itself from many anti-malware programs. Andromeda injects its code into legitimate memory processes, meaning that Andromeda will not appear in the Task Manager. Computer systems using versions of the Windows OS from Windows XP to Windows 7 are vulnerable to an Andromeda-related attack (this includes 64-bit operating systems).