Partner Perspectives //

bitdefender

12/5/2016
09:35 AM
Bogdan Botezatu
Bogdan Botezatu
Partner Perspectives
Connect Directly
Twitter
LinkedIn
Google+
RSS
50%
50%

Avalanche Cybercrime Platform Takedown Leaves A Lot To Clean Up

Help us wipe out the remaining bots and put an end to Avalanche once and for all.

The last day of November was also the last day of activity for one of the largest cybercrime platforms in the world. Dubbed Operation Avalanche, this extremely complex, cross-jurisdiction, cross-industry takedown has finally taken place after almost five years of investigation.

Led by Europol and its global partners, Operation Avalanche has disrupted the command and control of 20 big botnets, including Goznym, Marcher, Dridex, Matsnu, URLZone, XSWKit, and Pandabanker, as well as newer and better known ones such as the Cerber or Teslacrypt families of crypto-ransomware. Throughout its years of operation, the Avalanche cybercrime platform -- which involved more than 500,000 computers every day -- has yielded hundreds of millions of Euros in revenue for its operators.

During the takedown, Europol seized, sinkholed, or blocked over 800,000 Web domains used by malware to call home, confiscated over 30 servers, and put offline more than 220 servers via abuse notification protocols.

As of Dec. 1, all the computers infected with any of these 20 malware families can’t receive commands from cybercriminals. Still, while this operation marks an unprecedented achievement in botnet takedowns, it does not make malware magically disappear from infected computers.

To support the cleanup, Bitdefender has released a free disinfection toolkit that detects and eliminates these 20 malware families.  All you need to do is download it, start a scan, grab a cup of coffee, and let it work its magic. If you have friends or family who use PCs to surf the Web, ask them to run a proactive scan as well. The more computers that get clean, the smaller the chance of the botnet resurfacing from the dead. 

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
12/5/2016 | 11:25:07 AM
Dormant, not Dead
This is an important step since, truth be told, the public can't be 100% assured that everyone who participated in Avalanche was captured.  It's almost guarenteed that one or more are on the loose still.  That means the longer you leave these dormant bots on your system, the more time these individuals have to raise their systems again on another network and start sending commands, receiving information and rebuilding their platform.

Additionally, as long as these bots have been out there hackers who aren't even part of the original Avalanche team have likely obtained the code, reversed engineered it and could potentially leverage their own platform against existing bots.  This is not only possible but a sensible thing for other cybercrime teams out there to try to jump in on, with the key Avalanche players and servers out of commision. 

Don't wait - clean those systems now before the next wave jumps in and takes advantage of the few who feel there's nothing to still be concerned about.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17283
PUBLISHED: 2018-09-21
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Inject...
CVE-2018-17282
PUBLISHED: 2018-09-20
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
CVE-2018-14592
PUBLISHED: 2018-09-20
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVE-2018-15832
PUBLISHED: 2018-09-20
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI ha...
CVE-2018-16282
PUBLISHED: 2018-09-20
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.