Authorities have disabled the Avalanche malware network

Law enforcement authorities and internet companies from around the world worked together to shut down Avalanche, one of the largest malware networks discovered in cyberspace in the last decade.


Their efforts resulted in the arrest of five suspects, the seizure of 37 servers and the takedown of another 221 servers.

According to statements by Europol and the US Department of Justice, the suspects used this infrastructure as a global criminal network responsible for spreading and hosting more than 20 different malware families, ranging from ransomware to banking trojans.

The network, which the authorities nicknamed "Avalanche", was rented out by its operators for spam, for hosting and distributing malware, for hosting command and control (C&C) servers, and for laundering profits and stolen funds.

The overall effort drew on researchers from more than 30 countries, law enforcement authorities including Europol, Eurojust, Interpol, the FBI and the US Department of Justice, and organizations and internet companies such as ICANN, Symantec, the Shadowserver Foundation, the Registrar of Last Resort and others.

Authorities reported that more than 800,000 domains used for various malware were seized or blocked. The domain count is so large because most of the botnets used a technique known as double fast-flux DNS, which cycles through a large number of domains per day to hide the location of the botnet's C&C server.
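To illustrate the fast-flux technique the article mentions, here is a small Python triage written for this page (example code, not from the article or from any of the organizations named) that runs over constructed passive-DNS observations and flags domains whose A records and NS records both churn across many addresses with short TTLs, the double-flux pattern a defender looks for in resolver logs. It looks at the per-domain side of the technique (rotating A and NS records) rather than the domain count the article cites; the record format, domain names, IP addresses and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS style observations (sample data, not from the article):
# (qname, rrtype, rdata, ttl_seconds), using documentation IP ranges and the .invalid TLD.
SAMPLE_RECORDS = [
    # flux-style domain: five A records over three /24s plus four NS hosts, all short TTL
    ("cdn-update.example.invalid", "A", "198.51.100.10", 60),
    ("cdn-update.example.invalid", "A", "203.0.113.7", 60),
    ("cdn-update.example.invalid", "A", "192.0.2.44", 60),
    ("cdn-update.example.invalid", "A", "198.51.100.201", 60),
    ("cdn-update.example.invalid", "A", "203.0.113.150", 60),
    ("cdn-update.example.invalid", "NS", "ns1.flux-host.invalid", 60),
    ("cdn-update.example.invalid", "NS", "ns2.flux-host.invalid", 60),
    ("cdn-update.example.invalid", "NS", "ns3.flux-host.invalid", 60),
    ("cdn-update.example.invalid", "NS", "ns4.flux-host.invalid", 60),
    # benign domain: two round-robin A records in one /24, two stable NS hosts, long TTL
    ("www.example.invalid", "A", "192.0.2.10", 3600),
    ("www.example.invalid", "A", "192.0.2.11", 3600),
    ("www.example.invalid", "NS", "ns1.example.invalid", 86400),
    ("www.example.invalid", "NS", "ns2.example.invalid", 86400),
]

def flux_profile(records):
    """Per domain: distinct A IPs, their /24 buckets, distinct NS hosts, lowest TTL seen."""
    prof = defaultdict(lambda: {"ips": set(), "nets": set(), "ns": set(), "min_ttl": None})
    for qname, rrtype, rdata, ttl in records:
        p = prof[qname]
        if rrtype == "A":
            p["ips"].add(rdata)
            p["nets"].add(".".join(rdata.split(".")[:3]))  # coarse /24 bucket
        elif rrtype == "NS":
            p["ns"].add(rdata)
        p["min_ttl"] = ttl if p["min_ttl"] is None else min(p["min_ttl"], ttl)
    return prof

def classify(p, min_ips=5, min_nets=3, min_ns=3, max_ttl=300):
    """'double-flux' if A and NS layers both churn, 'single-flux' if only A, else 'normal'.
    Thresholds are illustrative assumptions, not published tuning values."""
    short = p["min_ttl"] is not None and p["min_ttl"] <= max_ttl
    a_flux = short and len(p["ips"]) >= min_ips and len(p["nets"]) >= min_nets
    ns_flux = short and len(p["ns"]) >= min_ns
    if a_flux and ns_flux:
        return "double-flux"
    return "single-flux" if a_flux else "normal"

def triage(records):
    """Map every observed domain to its flux verdict."""
    return {qname: classify(p) for qname, p in flux_profile(records).items()}

if __name__ == "__main__":
    print(triage(SAMPLE_RECORDS))
```

The /24 bucketing keeps a legitimate round-robin or CDN name, whose addresses usually sit in a few contiguous ranges, from being mistaken for flux nodes scattered across unrelated networks.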

According to US CERT, the Avalanche network was used to host the following malware families:
Windows-encryption Trojan horse (WVT) (aka Matsnu, Injector, Rannoh, Ransomlock.P)
URLzone (aka Bebloh)
Citadel
VM-ZeuS (aka KINS)
Bugat (aka Feodo, Geodo, Cridex, Emotet)
newGOZ (aka GameOverZeuS)
Tinba (aka TinyBanker)
Nymaim / GozNym
Vawtrak (aka Neverquest)
Marcher
Pandabanker
Ranbyus
Smart App
TeslaCrypt
Trusteer App
Xswkit

According to Symantec, the Avalanche network started in early 2012, when the criminals created and spread ransomware that used a fake police warning to lock the victims' files and then demand a ransom.

The ransomware was named Ransomlock.P and appeared at the end of 2011. The German police formally launched the Avalanche investigation because the ransomware used its name.

The German authorities also reported that the crooks managed to steal more than €6,000,000 from German banks alone. Europol estimates that the fraudsters who used the Avalanche network may have stolen hundreds of millions of euros around the world.

Europol also estimates that Avalanche's botnets sent a total of one million spam messages a week. In addition to bank fraud and spam, the authorities announced that the Avalanche network was also used to host malware for DDoS attacks.

Researchers believe that over 500,000 users still have computers infected with the various types of malware distributed through this network. These users should be aware that, although the malware's backend infrastructure is down, the malware still exists on their computers and should be removed.


Written by Dimitris
