Avalanche botnet rocked as law enforcement rushes in

An international operation takes down a malware hub that supported criminal activities in more than 30 countries.

Charlie Osborne Contributing Writer
Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B.

Botnets take advantage of a hyperconnected world.

LHJB-Photography, Moment Editorial/Getty Images

After four years of investigation, Europol and other agencies have moved against the prominent Avalanche botnet platform, which acted as a hub for malware campaigns worldwide.

Europol publicly disclosed the operation on Thursday. The action was made possible through partnerships with the FBI, the US Department of Justice, the German Public Prosecutor's Office and technology firms including Shadowserver and Symantec.

Law enforcement agencies moved on November 30 in a takedown that disrupted criminal infrastructure in more than 30 countries and US states, spanning 60 registries worldwide.

Five arrests were made and 37 premises searched, resulting in the seizure of 39 servers. Meanwhile, 221 servers were taken offline through abuse notices.

It's estimated that Avalanche is responsible for a loss of 6 million euros ($6.4 million) in damages in Germany alone through malware and money-mule recruiting campaigns. The botnet platform may also have facilitated the loss of hundreds of millions of euros worldwide, but Europol says "exact calculations are difficult due to the high number of malware families managed through the platform."

In a post on Shadowserver, the company said that Avalanche was designed for the so-called "bullet-proof management of botnets." Sinkholing was used to shut down the botnet's activity, which also disrupted malware families including Citadel, VMZeus, the ransomware TeslaCrypt and Nymaim.

In total, 800,000 malicious and fraudulent domains were also seized, sinkholed or blocked during the operation.

Avalanche has been in operation since 2009. The platform has been used for a variety of malware, spam and phishing campaigns, and more than 1 million phishing emails have been sent to potential victims worldwide.

"Avalanche shows that we can only be successful in combating cybercrime when we work closely together, across sectors and across borders," Julian King, European Commissioner for the Security Union, said in a statement. "Cybersecurity and law enforcement authorities need to work hand in hand with the private sector to tackle continuously evolving criminal methods."

This story first appeared at ZDNet under the headline "Avalanche botnet network struck down in global operation."