Europol and other law enforcement agencies have shut down the large Avalanche botnet, a network of infected and malicious computers, in a global operation against malware distribution.
A Worldwide Operation Shuts Down The Avalanche Botnet
Europol and other law enforcement agencies have shut down the large Avalanche botnet, a network of infected and malicious computers, in a global operation that followed four years of investigation. The European agency disclosed the news publicly on Thursday and named several of its partners, including the FBI, the United States Department of Justice (DOJ), the German Public Prosecutor’s Office and the technology companies Shadowserver and Symantec.
The takedown took place on November 30 and disrupted the criminal infrastructure in over 30 countries and US states. A total of five arrests were made and 37 locations were searched, resulting in the seizure of 39 servers. In addition, a total of 800 000 malicious domains were blocked or seized during the operation, and a further 221 servers were shut down through abuse notices. The Avalanche botnet is thought to have caused about six million euros of damage in Germany alone. The criminal income is attributed to various malware campaigns and other related schemes.
The botnet has been in active use since 2009; statistics show that over one million spam emails were sent from it as part of worldwide phishing and ransomware infection campaigns.
Avalanche has been identified as a “Double Fast Flux” content delivery and management platform designed for deploying various botnet attacks. It has been used to launch sophisticated, coordinated attacks carrying various malware samples and ransomware strains such as TeslaCrypt.
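Double fast flux, the technique Avalanche is described as using, rotates both the A records of a domain and the A records of the domain's own nameservers with very short TTLs, so that neither the content hosts nor the nameservers can be pinned down and blocked. The following is an added example, not part of the original article and not code from Europol, Shadowserver or Symantec, of how a defender might score passive-DNS observations for single and double fast-flux characteristics. All domain names, addresses and thresholds are constructed for the example (documentation-reserved IP ranges, the `.test` TLD, and assumed cut-offs such as `MIN_DISTINCT_IPS`); none of them come from the Avalanche case.

```python
# Added example: scoring DNS observations for single and double fast-flux
# characteristics. Names, addresses and thresholds are constructed
# assumptions for illustration, not published detection rules or case data.
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class DnsRecord:
    """One observed resolution: queried name, record type, value and TTL."""
    name: str
    rtype: str   # "A" or "NS"
    value: str   # IPv4 address for A records, nameserver hostname for NS
    ttl: int


# Assumed thresholds for this example (tune against your own baseline).
MIN_DISTINCT_IPS = 5    # many distinct addresses answering for one name
MAX_FLUX_TTL = 300      # rotation only takes effect quickly with short TTLs
MIN_DISTINCT_NETS = 3   # spread across several /24s suggests compromised hosts


def _a_records(records: Iterable[DnsRecord], name: str) -> List[DnsRecord]:
    return [r for r in records if r.rtype == "A" and r.name == name]


def _flux_stats(a_records: List[DnsRecord]):
    """Distinct IPs, distinct /24 networks and the lowest TTL seen."""
    ips: Set[str] = {r.value for r in a_records}
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips}
    min_ttl: Optional[int] = min((r.ttl for r in a_records), default=None)
    return ips, nets, min_ttl


def _is_fluxing(ips: Set[str], nets: set, min_ttl: Optional[int]) -> bool:
    return (min_ttl is not None and min_ttl <= MAX_FLUX_TTL
            and len(ips) >= MIN_DISTINCT_IPS
            and len(nets) >= MIN_DISTINCT_NETS)


def assess_domain(domain: str, records: Iterable[DnsRecord]) -> Dict[str, object]:
    """Classify a domain as 'none', 'single-flux' or 'double-flux'.

    single-flux: the domain's own A records churn across many addresses.
    double-flux: in addition, the A records of its nameservers churn too.
    """
    records = list(records)
    ips, nets, ttl = _flux_stats(_a_records(records, domain))
    domain_flux = _is_fluxing(ips, nets, ttl)

    ns_hosts = {r.value for r in records if r.rtype == "NS" and r.name == domain}
    ns_a = [r for host in ns_hosts for r in _a_records(records, host)]
    ns_ips, ns_nets, ns_ttl = _flux_stats(ns_a)
    ns_flux = _is_fluxing(ns_ips, ns_nets, ns_ttl)

    if domain_flux and ns_flux:
        verdict = "double-flux"
    elif domain_flux:
        verdict = "single-flux"
    else:
        verdict = "none"
    return {"domain": domain, "verdict": verdict, "a_ips": len(ips),
            "a_nets": len(nets), "ns_hosts": len(ns_hosts), "ns_ips": len(ns_ips)}


# Constructed observations: repeated lookups of three names over an hour.
SAMPLE = [
    # flux-example.test answers from a new address on almost every lookup...
    DnsRecord("flux-example.test", "A", "192.0.2.10", 120),
    DnsRecord("flux-example.test", "A", "198.51.100.23", 120),
    DnsRecord("flux-example.test", "A", "203.0.113.77", 120),
    DnsRecord("flux-example.test", "A", "192.0.2.201", 120),
    DnsRecord("flux-example.test", "A", "198.51.100.140", 120),
    DnsRecord("flux-example.test", "A", "203.0.113.9", 120),
    # ...and its two nameservers' own addresses churn as well (double flux).
    DnsRecord("flux-example.test", "NS", "ns1.flux-example.test", 120),
    DnsRecord("flux-example.test", "NS", "ns2.flux-example.test", 120),
    DnsRecord("ns1.flux-example.test", "A", "192.0.2.55", 60),
    DnsRecord("ns1.flux-example.test", "A", "198.51.100.8", 60),
    DnsRecord("ns1.flux-example.test", "A", "203.0.113.130", 60),
    DnsRecord("ns2.flux-example.test", "A", "192.0.2.99", 60),
    DnsRecord("ns2.flux-example.test", "A", "198.51.100.210", 60),
    # single-example.test churns, but is served by a stable nameserver.
    DnsRecord("single-example.test", "A", "192.0.2.33", 300),
    DnsRecord("single-example.test", "A", "198.51.100.33", 300),
    DnsRecord("single-example.test", "A", "203.0.113.33", 300),
    DnsRecord("single-example.test", "A", "192.0.2.34", 300),
    DnsRecord("single-example.test", "A", "198.51.100.34", 300),
    DnsRecord("single-example.test", "NS", "ns.static-example.test", 3600),
    # static-example.test is conventionally hosted, for contrast.
    DnsRecord("static-example.test", "A", "203.0.113.5", 3600),
    DnsRecord("static-example.test", "NS", "ns.static-example.test", 3600),
    DnsRecord("ns.static-example.test", "A", "203.0.113.6", 3600),
]


if __name__ == "__main__":
    for name in ("flux-example.test", "single-example.test", "static-example.test"):
        print(assess_domain(name, SAMPLE))
```

The three signals used here (many distinct addresses, short TTLs, and spread across unrelated /24 networks) are what distinguish a fluxing name from a legitimate CDN, which also rotates addresses but usually within a few provider-owned ranges and with its nameservers at fixed addresses; in practice the thresholds need to be calibrated against a baseline of known-good domains before the verdict is used for blocking.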
The first investigations into Avalanche began in Germany in 2012 after the Windows Encryption Trojan ransomware started to infect a large number of computer systems and networks. Millions of computers were compromised during that attack, and the damage it inflicted helped the botnet's operators expand their malware distribution plans considerably. The resulting network was used to harvest sensitive information such as account credentials for online banking services, and with the gathered data the criminal operators were able to carry out bank transfers that resulted in large financial losses.
The full list of countries involved in the operation is as follows:
Armenia, Australia, Austria, Azerbaijan, Belgium, Belize, Bulgaria, Canada, Colombia, Finland, France, Germany, Gibraltar, Hungary, India, Italy, Lithuania, Luxembourg, Moldova, Montenegro, Netherlands, Norway, Poland, Romania, Singapore, Sweden, Taiwan, Ukraine, United Kingdom and United States of America.
For more information read Europol’s public statement available here.