International Investigators Managed To Shut Down The Notorious Avalanche Botnet

By Muhammad Malik
Chief Editor, Information Security Buzz | Dec 05, 2016 04:00 am PST

Avalanche’s botnet infrastructure has been used to distribute a wide range of malware, from online banking Trojans to the infamous Crypt0L0cker ransomware. As part of the international investigation, arrest warrants were issued against 16 cyber criminals and the largest part of the botnet infrastructure was switched off.

On Wednesday, December the 1st, a team of international investigators scored a major success in the fight against organized cybercrime. Europol reports the arrest of several operators of the Avalanche botnet, one of the world’s largest botnet infrastructures. The investigators shut down about 800,000 web domains and confiscated 39 servers.

This success is the result of a cross-border investigation lasting over four years, involving Europol, the FBI and many other security authorities from 39 countries. The investigators were able to identify 16 members of the Avalanche leadership team, from 10 countries.

In Germany alone, more than 50,000 zombie computers were under the control of the gang. The perpetrators stole money from bank accounts using sophisticated malware. The public prosecutor’s office has recorded 1,336 cases and about 6 million euros in damages.

The perpetrators had been active since at least 2009 and used their botnet infrastructure to send phishing and malware spam emails. They are said to have sent over a million emails a week. In 2010, Avalanche was responsible for two-thirds of all phishing attacks.

The investigation began about four years ago, after the criminals had started spreading crypto-Trojans on a massive scale. More recently, the Avalanche botnet operators had specialized mostly in online banking fraud.

In Germany, the Federal Office for Information Security (BSI) supported the investigation by analyzing the infrastructure and the malware used. On the basis of the BSI’s findings, German providers have sent more than 4.5 million warnings about infected systems to the affected Internet users since 2014.

The BSI operates special servers to which the connection requests of infected computers are redirected (a sinkhole), so that victims can be identified and warned. Cleaning the compromised systems, however, is left to the victims themselves.
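As an added illustration of the defender-side step just described, and not BSI code or data, the following turns connection attempts logged at a sinkhole into one notification record per infected IP. The log format and the domain-to-family mapping are assumptions for this example.

```python
"""Sinkhole log triage (added example, not BSI code): turn connection attempts
captured at a sinkhole into one notification record per infected IP."""
from datetime import datetime

# Assumed mapping of sinkholed domains to the malware family that used them.
FAMILY_BY_DOMAIN = {
    "c2-alpha.example": "Crypt0L0cker",
    "c2-beta.example": "banking-trojan-A",
}

# Constructed sinkhole log lines: "<iso-timestamp> <src-ip> <requested-domain>".
SAMPLE_LOG = """\
2016-12-01T04:00:12Z 203.0.113.7 c2-alpha.example
2016-12-01T04:03:40Z 203.0.113.7 c2-beta.example
2016-12-01T04:05:01Z 198.51.100.22 c2-alpha.example
2016-12-01T04:09:55Z 203.0.113.7 c2-alpha.example
2016-12-01T04:10:30Z 192.0.2.9 unknown.example
malformed line
"""

def parse_line(line):
    """Return (timestamp, ip, family), or None for malformed lines and for
    domains not attributed to a family (those never produce a notice)."""
    try:
        ts, ip, domain = line.split()
        stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    family = FAMILY_BY_DOMAIN.get(domain)
    return None if family is None else (stamp, ip, family)

def build_notices(log_text):
    """Aggregate per source IP: families seen, hit count, first/last seen.
    A provider needs exactly one such record to warn the subscriber."""
    notices = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        stamp, ip, family = parsed
        rec = notices.setdefault(ip, {"families": set(), "hits": 0,
                                      "first_seen": stamp, "last_seen": stamp})
        rec["families"].add(family)
        rec["hits"] += 1
        rec["first_seen"] = min(rec["first_seen"], stamp)
        rec["last_seen"] = max(rec["last_seen"], stamp)
    return notices
if __name__ == "__main__":
    for ip, rec in sorted(build_notices(SAMPLE_LOG).items()):
        print(ip, sorted(rec["families"]), rec["hits"], rec["last_seen"])
```

In practice the resulting records would be handed to the subscriber's provider, which is the only party able to map an IP and timestamp back to a customer.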
