ESET takes part in global operation to disrupt Gamarue

charbill@rainnetworks.com

 

Global Operation Disrupts Malware

It was announced today that a major joint operation involving law enforcement, Microsoft and ESET has disrupted many botnets using a malware family called Gamarue. The operation has been going on for more than a year. According to welivesecurity.com, Gamarue was mostly detected by ESET as Win32/TrojanDownloader.Wauchos, which has been detected since September 2011. Wauchos has been the most detected malware family among ESET users. It was sold as a crime kit in underground forums and proved successful in the hands of cybercriminals.

According to Jean-Ian Boutin, the author of the article, "ESET provided technical analysis to this operation by closely tracking Wauchos botnets, identifying their C&C servers for takedown, and monitoring what its operators installed on victims’ systems. Through Microsoft, the information provided to law enforcement agencies as part of this operation included:"

  • 1,214 domains and IP addresses of the botnet’s command and control servers
  • 464 distinct botnets
  • 80 associated malware families

What is Wauchos?

Wauchos is malware that has been used for years to steal credentials and to download and install malware onto systems. Reportedly, a system compromised with Wauchos is most likely compromised by several other malware families as well.

ESET, on the other hand, has monitored and stopped many of these malware attacks on its users' machines. Through this process, it has discovered dozens of Wauchos C&C servers every month.

 
