Operation Avalanche involved authorities and cyber-security experts from 30 countries banding together to take down a huge malware botnet. According to Motherboard, over 800,000 domains have been shut down as a result of Operation Avalanche. Authorities have seized 39 servers, some of which were located in Romania, and have shut down 221 other servers. Criminals have been using this botnet for the past seven years to milk victims of hundreds of millions of dollars. The botnet would send millions of malware emails a week and it’s obvious the scheme succeeded.
Victims attacked using the Avalanche infrastructure have lost hundreds of millions of dollars, according to estimates by Europol, the European Union’s law enforcement agency. Over 40 major financial institutions have been targeted, announced CERT-US.
The botnet “was estimated to involve as many as 500,000 infected computers worldwide on a daily basis,” Europol said. “The Avalanche network was used as a delivery platform to launch and manage mass global malware attacks and money mule recruiting campaigns.”
There were 20 different malware families hosted, among which were GozNym, Marcher, Dridex, Matsnu, URLZone, XSWKit, Pandabanker, Cerber and Teslacrypt.
Fernando Ruiz, the head of operations at Europol’s Cybercrime Center, told The Associated Press that five suspects have been arrested. “We have arrested the top, the head of the snake,” Ruiz said, adding that the Avalanche infrastructure is “the perfect example of crime as a service.”
Operation Avalanche took many years to come to a successful outcome, but this isn’t the last you’ll hear about malware botnets being taken down.
Operation Avalanche is just the beginning, said Catalin Cosoi, Chief Security Researcher at Bitdefender, a Romania-based company that was part of the investigation. “We will witness several other massive takedown operations such as Avalanche during 2017,” Cosoi said (translated from Romanian).
Source: Motherboard