Partner Perspectives // bitdefender

12/5/2016 09:35 AM
Bogdan Botezatu

Avalanche Cybercrime Platform Takedown Leaves A Lot To Clean Up

Help us wipe out the remaining bots and put an end to Avalanche once and for all.

The last day of November was also the last day of activity for one of the largest cybercrime platforms in the world. Dubbed Operation Avalanche, this extremely complex, cross-jurisdiction, cross-industry takedown has finally taken place after almost five years of investigation.

Led by Europol and its global partners, Operation Avalanche has disrupted the command and control of 20 big botnets, including Goznym, Marcher, Dridex, Matsnu, URLZone, XSWKit, and Pandabanker, as well as newer and better known ones such as the Cerber or Teslacrypt families of crypto-ransomware. Throughout its years of operation, the Avalanche cybercrime platform -- which involved more than 500,000 computers every day -- has yielded hundreds of millions of Euros in revenue for its operators.

During the takedown, Europol seized, sinkholed, or blocked over 800,000 Web domains used by malware to call home, confiscated over 30 servers, and took more than 220 additional servers offline through abuse notifications to their hosting providers.

As of Dec. 1, computers infected with any of these 20 malware families can no longer receive commands from the cybercriminals. Still, while this operation marks an unprecedented achievement in botnet takedowns, it does not make the malware magically disappear from infected computers: the bots remain installed, dormant until someone regains control of a command-and-control channel.

To support the cleanup, Bitdefender has released a free disinfection toolkit that detects and eliminates these 20 malware families. All you need to do is download it, start a scan, grab a cup of coffee, and let it work its magic. If you have friends or family who use PCs to surf the Web, ask them to run a proactive scan as well. The more computers that get cleaned, the smaller the chance of the botnet resurfacing from the dead.

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild ...
Comments
No SOPA, User Rank: Ninja
12/5/2016 | 11:25:07 AM
Dormant, not Dead
This is an important step since, truth be told, the public can't be 100% assured that everyone who participated in Avalanche was captured. It's almost guaranteed that one or more are on the loose still. That means the longer you leave these dormant bots on your system, the more time these individuals have to raise their systems again on another network and start sending commands, receiving information and rebuilding their platform.

Additionally, as long as these bots have been out there, hackers who aren't even part of the original Avalanche team have likely obtained the code, reverse engineered it and could potentially leverage their own platform against existing bots. This is not only possible but a sensible thing for other cybercrime teams out there to try to jump in on, with the key Avalanche players and servers out of commission.

Don't wait - clean those systems now before the next wave jumps in and takes advantage of the few who feel there's nothing to still be concerned about.