nanog mailing list archives

Re: Avalanche botnet takedown

From: anthony kasza <anthony.kasza () gmail com>
Date: Thu, 1 Dec 2016 12:02:50 -0700

From my understanding Avalanche wasn't a single botnet but was high

availability infrastructure used by multiple different families/operators.

-AK

On Dec 1, 2016 10:37 AM, "John Levine" <johnl () iecc com> wrote:

Avalanche is a large nasty botnet, which was just disabled by a large
coordinated action by industry and law enforcement in multiple
countries.  It was a lot of work, involving among other things
disabling or sinkholing 800,000 domain names used to control it.

More info here:

https://www.europol.europa.eu/newsroom/news/%E2%80%
98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation

http://blog.shadowserver.org/2016/12/01/avalanche/

As both items point out, if your users are infected with Avalance,
they're still infected, but now if you disinfect them, they won't get
reinfected.  At least not with that particular flavor of malware.

R's,
John

Current thread:

Avalanche botnet takedown John Levine (Dec 01)
- Re: Avalanche botnet takedown anthony kasza (Dec 01)
- Re: Avalanche botnet takedown Ronald F. Guilmette (Dec 01)
  - Re: Avalanche botnet takedown Paul Ferguson (Dec 01)
  - Re: Avalanche botnet takedown Tony Finch (Dec 02)
- Re: Avalanche botnet takedown Rich Kulawiec (Dec 01)
  - Re: Avalanche botnet takedown J. Hellenthal (Dec 01)
    - Re: Avalanche botnet takedown Justin Paine via NANOG (Dec 01)
    - Re: Avalanche botnet takedown Robert McKay (Dec 01)
    - Re: Avalanche botnet takedown Rich Kulawiec (Dec 01)
    - Re: [nanog] Re: Avalanche botnet takedown Hugo Salgado-Hernández (Dec 02)
    - Re: [nanog] Avalanche botnet takedown Jason Hellenthal (Dec 02)

(Thread continues...)