Legal raids in five countries seize botnet servers, sinkhole 800,000+ domains, reports ARS.
A botnet that has served up phishing attacks and at least 17 different malware families to victims for much of this decade has been taken down in a coordinated effort by an international group of law enforcement agencies and security firms. Law enforcement officials seized command and control servers and took control of more than 800,000 Internet domains used by the botnet, dubbed “Avalanche,” which has been in operation in some form since at least late 2009.
“The operation involves arrests and searches in five countries,” representatives of the FBI and US Department of Justice said in a joint statement issued today. “More than 50 Avalanche servers worldwide were taken offline.”
A Europol release on the operation provided more details, stating:
[Five] individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. Also, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800 000 domains seized, sinkholed or blocked.
The seized domains have been “sinkholed” to terminate the operation of the botnet, which is estimated to have spanned hundreds of thousands of compromised computers around the world.
“The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,” the FBI and DOJ said in their joint statement.
Adapted from ARS