nanog mailing list archives
Avalanche botnet takedown
From: "John Levine" <johnl () iecc com>
Date: 1 Dec 2016 17:34:26 -0000
Avalanche is a large nasty botnet, which was just disabled by a large coordinated action by industry and law enforcement in multiple countries. It was a lot of work, involving among other things disabling or sinkholing 800,000 domain names used to control it. More info here: https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation http://blog.shadowserver.org/2016/12/01/avalanche/ As both items point out, if your users are infected with Avalance, they're still infected, but now if you disinfect them, they won't get reinfected. At least not with that particular flavor of malware. R's, John
Current thread:
- Avalanche botnet takedown John Levine (Dec 01)
- Re: Avalanche botnet takedown anthony kasza (Dec 01)
- Re: Avalanche botnet takedown Ronald F. Guilmette (Dec 01)
- Re: Avalanche botnet takedown Paul Ferguson (Dec 01)
- Re: Avalanche botnet takedown Tony Finch (Dec 02)
- Re: Avalanche botnet takedown Rich Kulawiec (Dec 01)
- Re: Avalanche botnet takedown J. Hellenthal (Dec 01)
- Re: Avalanche botnet takedown Justin Paine via NANOG (Dec 01)
- Re: Avalanche botnet takedown Robert McKay (Dec 01)
- Re: Avalanche botnet takedown Rich Kulawiec (Dec 01)
- Re: [nanog] Re: Avalanche botnet takedown Hugo Salgado-Hernández (Dec 02)
- Re: Avalanche botnet takedown J. Hellenthal (Dec 01)