The German authorities, in cooperation with the United States and Europol, dismantled the Avalanche botnet.

Five people were arrested, 37 searches were carried out, 39 servers were seized and 221 servers were taken offline, and more than 800,000 domains were blocked with the help of numerous cyber security experts. It is the biggest international operation in history.

After four years of investigation, the final phase occurred on Wednesday 30 November 2016, under the leadership of the German authorities, in cooperation with their American counterparts and Europol.

It seems that Avalanche has been used since 2009 to spread malicious software and launch phishing campaigns. This botnet reportedly sent more than a million emails each week containing malicious links or attachments that infected computer users with ransomware viruses like Osiris. The international investigation started in Germany after a massive ransomware infection.

Research has shown that Avalanche's main role was to steal online bank data. The botnet was also used to recruit "money mules" responsible for laundering money by making purchases.

In Germany alone, the damage related to attacks on online banking systems would amount to 6 million euros. According to Europol, hundreds of millions of euros should be added to that figure as a result of malware spread in more than 180 countries. But according to the criminal police office, it is very difficult to give an estimate given the number of malicious strains distributed: about 20 families, including GozNym, Matsnu, URLZone, Panda Banker and XswKit.

The analysis of more than 130 terabytes of data made it possible to determine the structure of this botnet, which regularly controlled more than 500,000 machines.

The Avalanche botnet was found to use a "double fast-flux" technique to avoid detection. In general terms, the technique uses zombie computers as "reverse proxies," which makes it much more difficult to locate the main server. This model could assign several IP addresses to the same domain name.
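As an added example (not from the original article or the investigation), the sketch below shows how a defender might flag double fast-flux in passive DNS data: the domain's A records and the addresses of its name servers both rotate through many short-lived IPs. The record layout, the thresholds, and the `.example` names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
import ipaddress


def sample():
    """Constructed passive-DNS rows: (qname, rtype, rdata, ttl_seconds)."""
    obs = [("flux.example", "NS", f"ns{i}.flux.example", 150) for i in (1, 2)]
    # Many short-lived proxy addresses for the site itself ...
    obs += [("flux.example", "A", f"192.0.2.{i}", 120) for i in range(10, 18)]
    # ... and for its name servers too (the "double" part).
    obs += [(f"ns{i % 2 + 1}.flux.example", "A", f"198.51.100.{i}", 150)
            for i in range(20, 26)]
    # Rotating A records but a stable name server: also typical of a CDN.
    obs += [("cdn.example", "NS", "ns1.cdn.example", 86400)]
    obs += [("cdn.example", "A", f"203.0.113.{i}", 60) for i in range(1, 7)]
    obs += [("ns1.cdn.example", "A", "203.0.113.53", 86400)]
    # Ordinary site: one address, long TTLs.
    obs += [("static.example", "NS", "ns1.static.example", 86400),
            ("static.example", "A", "203.0.113.80", 3600),
            ("ns1.static.example", "A", "203.0.113.54", 86400)]
    return obs


def classify(observations, domain, min_ips=5, max_ttl=300):
    """Return 'double-flux', 'single-flux' or 'stable' for one domain.

    min_ips and max_ttl are illustrative thresholds, not published values.
    """
    ips = defaultdict(set)   # name -> distinct addresses seen with a short TTL
    ns_hosts = set()         # name servers delegated for the domain
    for qname, rtype, rdata, ttl in observations:
        if rtype == "NS" and qname == domain:
            ns_hosts.add(rdata)
        elif rtype == "A" and ttl <= max_ttl:
            ips[qname].add(ipaddress.ip_address(rdata))
    host_flux = len(ips[domain]) >= min_ips
    ns_ips = set().union(*(ips[h] for h in ns_hosts))
    ns_flux = len(ns_ips) >= min_ips
    if host_flux and ns_flux:
        return "double-flux"
    if host_flux:
        return "single-flux"  # needs review: legitimate CDNs look similar
    return "stable"


if __name__ == "__main__":
    for name in ("flux.example", "cdn.example", "static.example"):
        print(name, classify(sample(), name))
```
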

© 2020 Created by Boris Agranovich.