<div dir="ltr"><div>Thanks Dev. This is interesting...<br><br><br><br><br><br><br></div>satish<br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 2, 2016 at 2:12 AM, Dev Anand Teelucksingh <span dir="ltr"><<a href="mailto:devtee@gmail.com" target="_blank">devtee@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Via <a href="http://arstechnica.com/security/2016/12/legal-raids-in-five-countries-seize-botnet-servers-sinkhole-800000-domains/" rel="noreferrer" target="_blank">http://arstechnica.com/<wbr>security/2016/12/legal-raids-<wbr>in-five-countries-seize-<wbr>botnet-servers-sinkhole-<wbr>800000-domains/</a><br>
<br>
"A botnet that has served up phishing attacks and at least 17<br>
different malware families to victims for much of this decade has been<br>
taken down in a coordinated effort by an international group of law<br>
enforcement agencies and security firms. Law enforcement officials<br>
seized command and control servers and took control of more than<br>
800,000 Internet domains used by the botnet, dubbed "Avalanche," which<br>
has been in operation in some form since at least late 2009."<br>
<br>
The Avalanche network used a method called Double Fast Flux to rapidly<br>
change (like every 5 mins) the IP address and nameservers used to<br>
resolve the domains requested by infected machines - the domains<br>
requested were either hardcoded in the malware on the infected<br>
machines or created by a Domain Generation Algorithm in the malware<br>
that generated thousands of domain names every day for the malware to<br>
attempt to reach.<br>
<br>
Europol has an infographic :<br>
<a href="https://www.europol.europa.eu/publications-documents/operation-avalanche-infographic" rel="noreferrer" target="_blank">https://www.europol.europa.eu/<wbr>publications-documents/<wbr>operation-avalanche-<wbr>infographic</a><br>
<br>
The SSAC published an advisory on Fast Flux Hosting<br>
<a href="https://www.icann.org/en/system/files/files/sac-025-en.pdf" rel="noreferrer" target="_blank">https://www.icann.org/en/<wbr>system/files/files/sac-025-en.<wbr>pdf</a><br>
<br>
<br>
Dev Anand<br>
______________________________<wbr>_________________<br>
ttf mailing list<br>
<a href="mailto:ttf@atlarge-lists.icann.org">ttf@atlarge-lists.icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/ttf" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/ttf</a><br>
</blockquote></div><br></div>