International law enforcement agencies take down Avalanche

The malware network's infrastructure housed at least 17 different malware families.

Tags: Botnet, Symantec Corporation, United Arab Emirates
By Alexander Sophoclis Pieri, published December 4, 2016

Avalanche, a malware-hosting network, was recently targeted in a global takedown operation that dismantled infrastructure used by at least 17 malware families.

The successful takedown operation saw the seizure of 39 servers, as well as the closing of several hundred thousand domains.

The operation was the result of a four-year investigation, conducted through the combined effort of numerous international law enforcement agencies and public prosecutors, with contributions from the IT security industry, including Symantec.

The cybersecurity specialist provided technical assistance to the police during the initial stages of the investigation, helping law enforcement agencies reverse engineer malware samples and identify the malicious infrastructure they communicated with.

This led to the identification of several malware families that shared the same command and control (C&C) infrastructure. That overlap allowed the Lüneburg police to expand their investigation beyond a single family, grouping all of these families under the name Avalanche.
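The investigative step described above, pivoting from one family's C&C servers to every other family that contacts the same servers, is a routine piece of threat-intelligence work. The following Python example, added here and not code from the article or from Symantec, shows the mechanics: each observation is a (family, sample, indicator) triple, indicators shared by more than one family are treated as links, and the families are clustered with a union-find structure. The observations and the allowlist are constructed for illustration and are not real Avalanche indicators; the allowlist exists because shared benign hosts (mail servers, CDNs, connectivity checks) would otherwise falsely link unrelated families.

```python
"""Pivot on shared C&C infrastructure to cluster malware families.

Added example (not from the article or Symantec). All data below is
constructed for illustration; none of it describes real Avalanche
indicators.
"""
from collections import defaultdict

# Constructed observations: (family, sample_id, c2_indicator).
# The indicator is a domain or IP the sample was observed contacting.
OBSERVATIONS = [
    ("family_a", "a1", "update-check.example.net"),
    ("family_a", "a2", "203.0.113.10"),
    ("family_b", "b1", "203.0.113.10"),            # shared with family_a
    ("family_b", "b2", "cdn-assets.example.org"),
    ("family_c", "c1", "cdn-assets.example.org"),   # shared with family_b
    ("family_d", "d1", "198.51.100.7"),             # no overlap
    ("family_e", "e1", "mail.example.com"),         # benign shared host
    ("family_f", "f1", "mail.example.com"),         # benign shared host
]

# Constructed allowlist of hosts that many unrelated samples contact.
# Pivoting on these would link families that have nothing in common.
ALLOWLIST = frozenset({"mail.example.com"})


class UnionFind:
    """Minimal disjoint-set structure keyed by family name."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_shared_c2(observations, allowlist=frozenset()):
    """Group families that share at least one non-allowlisted indicator.

    Returns (clusters, links): clusters is a sorted list of frozensets of
    family names; links maps each shared indicator to the families it ties
    together, which is the evidence an analyst would cite for the merge.
    """
    families_by_ioc = defaultdict(set)
    for family, _sample, ioc in observations:
        if ioc in allowlist:
            continue
        families_by_ioc[ioc].add(family)

    uf = UnionFind()
    links = {}
    for ioc, fams in families_by_ioc.items():
        if len(fams) > 1:
            links[ioc] = frozenset(fams)
            first = next(iter(fams))
            for fam in fams:
                uf.union(first, fam)

    groups = defaultdict(set)
    for family, _sample, _ioc in observations:
        groups[uf.find(family)].add(family)
    clusters = sorted((frozenset(g) for g in groups.values()),
                      key=lambda s: sorted(s))
    return clusters, links


def expand_from_seed(observations, seed_family, allowlist=frozenset()):
    """Return every family reachable from seed_family via shared C&C."""
    clusters, _ = cluster_by_shared_c2(observations, allowlist)
    for cluster in clusters:
        if seed_family in cluster:
            return cluster
    return frozenset({seed_family})


if __name__ == "__main__":
    clusters, links = cluster_by_shared_c2(OBSERVATIONS, ALLOWLIST)
    for cluster in clusters:
        print("cluster:", sorted(cluster))
    for ioc, fams in links.items():
        print("shared indicator", ioc, "->", sorted(fams))
    print("starting from family_a:", sorted(expand_from_seed(OBSERVATIONS, "family_a", ALLOWLIST)))
```

With the allowlist applied, family_a, family_b and family_c collapse into one cluster (a and b share an IP, b and c share a domain, so c is reached transitively even though it never contacts a's server), while family_d, family_e and family_f stay separate. Run without the allowlist, family_e and family_f are wrongly merged through the mail host, which is the failure mode that makes indicator hygiene a prerequisite for this kind of pivot.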

Symantec had previously published research on law-enforcement-themed ransomware, which noted that the C&C servers it used overlapped with those seen in earlier cyberattacks.

In the years that followed, the Lüneburg police, in close collaboration with the Verden Public Prosecutor's Office and with contributions from the BSI, FKIE and BFK, continued to investigate the Avalanche network.
