
Partner Perspectives //

bitdefender

12/5/2016
09:35 AM
Bogdan Botezatu

Avalanche Cybercrime Platform Takedown Leaves A Lot To Clean Up

Help us wipe out the remaining bots and put an end to Avalanche once and for all.

The last day of November was also the last day of activity for one of the largest cybercrime platforms in the world. Dubbed Operation Avalanche, this extremely complex, cross-jurisdiction, cross-industry takedown has finally taken place after almost five years of investigation.

Led by Europol and its global partners, Operation Avalanche has disrupted the command and control of 20 big botnets, including Goznym, Marcher, Dridex, Matsnu, URLZone, XSWKit, and Pandabanker, as well as newer and better known ones such as the Cerber or Teslacrypt families of crypto-ransomware. Throughout its years of operation, the Avalanche cybercrime platform -- which involved more than 500,000 computers every day -- has yielded hundreds of millions of Euros in revenue for its operators.

During the takedown, Europol seized, sinkholed, or blocked over 800,000 Web domains used by malware to call home, confiscated over 30 servers, and put offline more than 220 servers via abuse notification protocols.

As of Dec. 1, all the computers infected with any of these 20 malware families can’t receive commands from cybercriminals. Still, while this operation marks an unprecedented achievement in botnet takedowns, it does not make malware magically disappear from infected computers.

To support the cleanup, Bitdefender has released a free disinfection toolkit that detects and eliminates these 20 malware families. All you need to do is download it, start a scan, grab a cup of coffee, and let it work its magic. If you have friends or family who use PCs to surf the Web, ask them to run a proactive scan as well. The more computers that get cleaned, the smaller the chance of the botnet resurfacing from the dead.

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild ...
Comments
RetiredUser, User Rank: Ninja, 12/5/2016 | 11:25:07 AM
Dormant, not Dead
This is an important step since, truth be told, the public can't be 100% assured that everyone who participated in Avalanche was captured. It's almost guaranteed that one or more are on the loose still. That means the longer you leave these dormant bots on your system, the more time these individuals have to raise their systems again on another network and start sending commands, receiving information and rebuilding their platform.

Additionally, as long as these bots have been out there, hackers who aren't even part of the original Avalanche team have likely obtained the code, reverse engineered it and could potentially leverage their own platform against existing bots. This is not only possible but a sensible thing for other cybercrime teams out there to try to jump in on, with the key Avalanche players and servers out of commission.

Don't wait - clean those systems now before the next wave jumps in and takes advantage of the few who feel there's nothing to still be concerned about.