Avalanche, the major cybercriminal network that has plagued thousands of users, has finally been dismantled. Numbers show that the network infected at least 500,000 systems daily and successfully delivered phishing emails to potential victims. The group had been active since 2009 and was recently taken down by U.S. and European authorities. Five suspects allegedly involved in Avalanche have been arrested.
Avalanche Has Been Delivering Malware from 20 Malware Families
The malware spread by the cybercriminal network included GozNym and Teslacrypt, both well-known malicious pieces. According to Europol, Avalanche has caused hundreds of millions of dollars in damages, globally.
The criminal groups have been using the Avalanche infrastructure since 2009 for conducting malware, phishing and spam activities. They sent more than 1 million e-mails with damaging attachments or links every week to unsuspecting victims.
The investigation that led to the arrests lasted four years and involved agents and prosecutors in at least 40 countries, the U.S. Department of Justice says.
Apparently, 39 of the servers supporting Avalanche's activities were seized, and 221 were taken offline via notifications sent to the hosting providers. Authorities also applied a method known as sinkholing: traffic from Avalanche's infected machines was redirected away from the criminal infrastructure to servers controlled by law enforcement.
Europol has issued a statement, saying that:
The [takedown] operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale.
Investigators are saying that Avalanche was sending more than one million emails containing malicious attachments on a weekly basis. The malware infected users in at least 180 countries.
Why Was Avalanche So Successful?
Because of a technique known as double fast flux. This is how cybercriminals managed to automatically and rapidly change the IP address records associated with the domain names they used. In double fast flux, both the A records of a domain and the NS records of its authoritative name servers rotate constantly, so blocking or seizing any single host or name server does little to disrupt the network.
What made the 'Avalanche' infrastructure special was the use of the so-called double fast flux technique. The complex setup of the Avalanche network was popular amongst cybercriminals, because of the double fast flux technique offering enhanced resilience to takedowns and law enforcement action.
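To show what the double fast flux pattern looks like to a defender, here is an added example (not from the article or from Europol) that classifies domains from constructed passive-DNS observations. The detection thresholds, domain names and documentation-range IPs are all assumptions made up for the illustration.

```python
from collections import defaultdict, namedtuple
from statistics import mean

# One passive-DNS observation: TTL in seconds, IPs in the A answer, NS for the zone.
DnsObservation = namedtuple("DnsObservation", "domain ttl a_records ns_records")

def flux_profile(observations):
    """Per domain: distinct IP count, distinct NS count, mean TTL."""
    ips, nss, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for o in observations:
        ips[o.domain].update(o.a_records)
        nss[o.domain].update(o.ns_records)
        ttls[o.domain].append(o.ttl)
    return {d: (len(ips[d]), len(nss[d]), mean(ttls[d])) for d in ips}

def classify(observations, ip_threshold=10, ns_threshold=5, max_ttl=300):
    """Label each domain as stable, single fast flux, or double fast flux.
    Thresholds are illustrative assumptions, not figures from the article."""
    labels = {}
    for domain, (n_ip, n_ns, avg_ttl) in flux_profile(observations).items():
        fluxing_ips = n_ip >= ip_threshold and avg_ttl <= max_ttl
        if fluxing_ips and n_ns >= ns_threshold:
            labels[domain] = "double fast flux"
        elif fluxing_ips:
            labels[domain] = "single fast flux"
        else:
            labels[domain] = "stable"
    return labels

def constructed_observations():
    """Constructed sample data (documentation IP ranges, made-up names)."""
    obs = []
    for i in range(20):
        # Stable site: same two IPs and name servers, one-hour TTL.
        obs.append(DnsObservation("stable.example", 3600,
                                  {"198.51.100.10", "198.51.100.11"},
                                  {"ns1.stable.example", "ns2.stable.example"}))
        # Single flux: new IPs on every lookup, fixed name server, low TTL.
        obs.append(DnsObservation("flux.example", 60,
                                  {f"203.0.113.{i}", f"203.0.113.{i + 100}"},
                                  {"ns1.flux.example"}))
        # Double flux: both the IPs and the NS records rotate every lookup.
        obs.append(DnsObservation("dflux.example", 60,
                                  {f"192.0.2.{i}", f"192.0.2.{i + 50}"},
                                  {f"ns{i}.dflux.example"}))
    return obs

if __name__ == "__main__":
    print(classify(constructed_observations()))
```

Real passive-DNS feeds need the thresholds tuned against CDN and round-robin DNS, which also rotate IPs but keep their name servers stable.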
Even though the network is now dismantled, users still need to scan their computers for leftover malware, as it can still consume system resources and interfere with Internet access.