sb-nz logo
Story image

'Avalanche Network' botnet hideout busted; ESET offers cleanup help

13 Dec 2016

Cybercriminal activity hub Avalanche Network has been busted by law enforcement agencies, ending a long reign of protection for botnet operators.

The operators were attempting to hide from takedown and domain blacklisting, but concentrated efforts from enforcement agencies have busted what ESET called a "fast-flux or ever-changing network".

"A fast-flux network, such as the one operated by the Avalanche group, can be defined as 'a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies', ESET says.

The network was made up of compromised hosts acting as proxy servers. They are more difficult to detect as security researchers as they can't map the attacker's infrastructure or identify the real command & control server.

Some of the various malware botnets using the Avalanche network included TeslaCrypt, Nymaim, CoreBot, GetTiny, Matsnu, Rovnix, URLZone and QakBot. ESET says that these families show the network is sold as a service to other cybercriminals.

ESET is offering a free cleaning tool for all users following the takedown. The company advises all users to use the tool to determine whether they were affected by one of the botnets using the network. The tool will then remove all harmful content at no cost.

Story image
WatchGuard uncovers top cyber threat trends of Q4 2020
“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections."More
Story image
Pandemic sees organisations of all sizes and industries invest in CTI
There is opportunity for organisations to better manage their cyber-threat intelligence for greater security and threat intelligence effectiveness by adopting the right tools and processes.More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
ThreatQuotient hits $22.5m in new financing, continues growth streak
“Since we first invested in ThreatQuotient in 2017, their team has continued to prove to the market that there is a critical need for cybersecurity solutions aimed at security operations."More
Story image
Zscaler and CrowdStrike release integrations for end-to-end security
This collaboration between the two cloud-native security companies provides joint customers with adaptive, risk-based access control to private applications.More
Story image
IT leaders prioritising automation, Zero Trust and API-based security investments
"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams."More