Partner Perspectives //

bitdefender

12/5/2016
09:35 AM
Bogdan Botezatu
Bogdan Botezatu
Partner Perspectives
Connect Directly
Twitter
LinkedIn
Google+
RSS
50%
50%

Avalanche Cybercrime Platform Takedown Leaves A Lot To Clean Up

Help us wipe out the remaining bots and put an end to Avalanche once and for all.

The last day of November was also the last day of activity for one of the largest cybercrime platforms in the world. Dubbed Operation Avalanche, this extremely complex, cross-jurisdiction, cross-industry takedown has finally taken place after almost five years of investigation.

Led by Europol and its global partners, Operation Avalanche has disrupted the command and control of 20 big botnets, including Goznym, Marcher, Dridex, Matsnu, URLZone, XSWKit, and Pandabanker, as well as newer and better known ones such as the Cerber or Teslacrypt families of crypto-ransomware. Throughout its years of operation, the Avalanche cybercrime platform -- which involved more than 500,000 computers every day -- has yielded hundreds of millions of Euros in revenue for its operators.

During the takedown, Europol seized, sinkholed, or blocked over 800,000 Web domains used by malware to call home, confiscated over 30 servers, and put offline more than 220 servers via abuse notification protocols.

As of Dec. 1, all the computers infected with any of these 20 malware families can’t receive commands from cybercriminals. Still, while this operation marks an unprecedented achievement in botnet takedowns, it does not make malware magically disappear from infected computers.

To support the cleanup, Bitdefender has released a free disinfection toolkit that detects and eliminates these 20 malware families.  All you need to do is download it, start a scan, grab a cup of coffee, and let it work its magic. If you have friends or family who use PCs to surf the Web, ask them to run a proactive scan as well. The more computers that get clean, the smaller the chance of the botnet resurfacing from the dead. 

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
12/5/2016 | 11:25:07 AM
Dormant, not Dead
This is an important step since, truth be told, the public can't be 100% assured that everyone who participated in Avalanche was captured.  It's almost guarenteed that one or more are on the loose still.  That means the longer you leave these dormant bots on your system, the more time these individuals have to raise their systems again on another network and start sending commands, receiving information and rebuilding their platform.

Additionally, as long as these bots have been out there hackers who aren't even part of the original Avalanche team have likely obtained the code, reversed engineered it and could potentially leverage their own platform against existing bots.  This is not only possible but a sensible thing for other cybercrime teams out there to try to jump in on, with the key Avalanche players and servers out of commision. 

Don't wait - clean those systems now before the next wave jumps in and takes advantage of the few who feel there's nothing to still be concerned about.
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5780
PUBLISHED: 2019-02-19
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
CVE-2019-5781
PUBLISHED: 2019-02-19
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2019-5782
PUBLISHED: 2019-02-19
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2019-5783
PUBLISHED: 2019-02-19
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.
CVE-2019-5766
PUBLISHED: 2019-02-19
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.