Large Avalanche cyber crime network dismantled in global takedown

Law enforcement agencies have dismantled a large network of cyber criminals responsible for malware-based attacks that have plagued victims around the world for years.

The network, called Avalanche, operated up to 500,000 infected computers per day and was responsible for delivering malware through phishing email attacks. Avalanche has been active since at least 2009, but on Thursday authorities in the US and Europe announced that they had arrested five suspects allegedly involved in it.

Avalanche has been found to distribute more than 20 different families of malware, including GozNym, a banking Trojan designed to steal user credentials, and TeslaCrypt, a notorious ransomware family. Europol estimates the network has caused hundreds of millions of dollars in damage worldwide.

To shut down Avalanche, law enforcement officials launched an investigation that lasted more than four years and involved agents and prosecutors in more than 40 countries, according to the US Department of Justice.

According to Europol, 39 servers that supported Avalanche have been seized and another 221 have been taken offline after notifications to their hosting providers. Investigators used a method known as sinkholing to infiltrate the cybercriminals' computer infrastructure and disrupt its activities. This involved redirecting Internet traffic from Avalanche's infected computers to servers controlled by law enforcement agencies.

“The operation is the largest ever use of sinkholes to combat botnet infrastructures and is unprecedented in its size,” Europol said in a statement.

The UK's National Crime Agency also announced that 830,000 malicious web domains were taken down in connection with Avalanche's activities.

Avalanche has been found to send more than 1 million emails with malicious attachments or links to unsuspecting victims every week. The malware managed to infect users in more than 180 countries.

To avoid a shutdown, Avalanche relied on a technique called double fast flux, which automatically and rapidly rotated the IP address records associated with the domain names it used.
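The detection heuristic below is an added example, not code from the article or from any of the agencies it quotes: a double fast-flux domain rotates both the addresses that answer for it (A records) and the name servers that serve it (NS records), so a domain whose A and NS answer sets both churn across a short window, with low TTLs, is the pattern a defender would flag for review. The passive-DNS observations and the thresholds are constructed for illustration.

```python
"""Double fast-flux heuristic over constructed passive-DNS observations (example)."""
from collections import defaultdict

# Constructed sample: (domain, seconds since start, TTL, A records, NS records).
# flux-example.test changes both its hosts and its name servers on every lookup;
# static.example.test answers the same way each time with a long TTL.
OBSERVATIONS = [
    ("flux-example.test", 0,   180, {"203.0.113.10", "203.0.113.11"}, {"ns1.flux-example.test"}),
    ("flux-example.test", 300, 180, {"198.51.100.7"},                 {"ns2.flux-example.test"}),
    ("flux-example.test", 600, 180, {"192.0.2.44", "192.0.2.45"},     {"ns3.flux-example.test"}),
    ("flux-example.test", 900, 180, {"203.0.113.99"},                 {"ns4.flux-example.test"}),
    ("static.example.test", 0,   3600, {"192.0.2.1"}, {"ns.static.example.test"}),
    ("static.example.test", 600, 3600, {"192.0.2.1"}, {"ns.static.example.test"}),
    ("static.example.test", 900, 3600, {"192.0.2.1"}, {"ns.static.example.test"}),
]

def flux_profile(observations):
    """Per domain: distinct A and NS values seen, number of lookups, lowest TTL."""
    profile = defaultdict(lambda: {"a": set(), "ns": set(), "lookups": 0, "min_ttl": None})
    for domain, _when, ttl, a_set, ns_set in observations:
        p = profile[domain]
        p["a"] |= a_set
        p["ns"] |= ns_set
        p["lookups"] += 1
        p["min_ttl"] = ttl if p["min_ttl"] is None else min(p["min_ttl"], ttl)
    return profile

def classify(observations, max_ttl=300, min_a_ratio=1.0, min_ns_ratio=0.75):
    """Return {domain: label}. Thresholds are illustrative: 'double-fast-flux' needs
    low TTL plus churn in both A and NS answers, 'single-fast-flux' needs low TTL
    plus A churn only, anything else is 'stable'."""
    result = {}
    for domain, p in flux_profile(observations).items():
        a_ratio = len(p["a"]) / p["lookups"]    # distinct addresses per lookup
        ns_ratio = len(p["ns"]) / p["lookups"]  # distinct name servers per lookup
        low_ttl = p["min_ttl"] <= max_ttl
        if low_ttl and a_ratio >= min_a_ratio and ns_ratio >= min_ns_ratio:
            result[domain] = "double-fast-flux"
        elif low_ttl and a_ratio >= min_a_ratio:
            result[domain] = "single-fast-flux"
        else:
            result[domain] = "stable"
    return result

if __name__ == "__main__":
    for domain, label in classify(OBSERVATIONS).items():
        print(f"{domain}: {label}")
```

Real deployments would window the observations in time and tune the ratios against a baseline of legitimate round-robin and CDN domains, which also rotate A records but keep their name servers stable.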

Investigators also said Avalanche operated one of the largest known botnets in the world. Having infected thousands of computers, the network could easily direct them to send vast amounts of spam.

“Criminals who were paid to access the Avalanche network were able to select and manage criminal services such as malware, ransomware, money mule and phishing campaigns through this network,” said the UK's National Crime Agency.

Law enforcement agencies encourage users to scan their computers with free tools to remove any Avalanche infections. Security firm Bitdefender said that malware left behind on infected computers, despite the collapse of the criminal network, can still strain system resources and disrupt a user's Internet access.


Copyright © 2016 IDG Communications, Inc.
