[technology taskforce] Avalanche botnet network taken down, 800,000+ domains sinkholed

Satish Babu sbabu at ieee.org
Fri Dec 2 01:22:22 UTC 2016


Thanks Dev. This is interesting...

satish


On Fri, Dec 2, 2016 at 2:12 AM, Dev Anand Teelucksingh <devtee at gmail.com>
wrote:

> Via http://arstechnica.com/security/2016/12/legal-raids-in-five-countries-seize-botnet-servers-sinkhole-800000-domains/
>
> "A botnet that has served up phishing attacks and at least 17
> different malware families to victims for much of this decade has been
> taken down in a coordinated effort by an international group of law
> enforcement agencies and security firms. Law enforcement officials
> seized command and control servers and took control of more than
> 800,000 Internet domains used by the botnet, dubbed "Avalanche," which
> has been in operation in some form since at least late 2009."
>
> The Avalanche network used a method called Double Fast Flux to rapidly
> change (like every 5 mins) the IP address and nameservers used to
> resolve the domains requested by infected machines - the domains
> requested were either hardcoded in the malware on the infected
> machines or created by a Domain Generation Algorithm in the malware
> that generated thousands of domain names every day for the malware to
> attempt to reach.
>
> Europol has an infographic:
> https://www.europol.europa.eu/publications-documents/operation-avalanche-infographic
>
> The SSAC published an advisory on Fast Flux Hosting
> https://www.icann.org/en/system/files/files/sac-025-en.pdf
>
>
> Dev Anand
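The double fast flux behaviour described in the quoted message (short TTLs, many IP addresses per domain, and rotating nameservers) is something a defender can flag from passive-DNS data. The following is an added example, not code from this thread or from any of the organisations named in it; the records, thresholds and domain names are constructed for illustration, and only A and NS observations are fed in.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (domain, rtype, rdata, ttl_seconds).
# "flux.example" rotates both A and NS records with short TTLs (double fast flux);
# "cdn.example" has several IPs but stable NS and long TTLs (CDN-like, benign).
OBSERVATIONS = [
    ("flux.example", "A", "198.51.100.10", 300),
    ("flux.example", "A", "198.51.100.77", 300),
    ("flux.example", "A", "203.0.113.5", 300),
    ("flux.example", "A", "203.0.113.99", 300),
    ("flux.example", "A", "192.0.2.44", 300),
    ("flux.example", "NS", "ns1.flux.example", 300),
    ("flux.example", "NS", "ns7.flux.example", 300),
    ("flux.example", "NS", "ns12.flux.example", 300),
    ("cdn.example", "A", "192.0.2.1", 3600),
    ("cdn.example", "A", "192.0.2.2", 3600),
    ("cdn.example", "A", "192.0.2.3", 3600),
    ("cdn.example", "A", "192.0.2.4", 3600),
    ("cdn.example", "A", "192.0.2.5", 3600),
    ("cdn.example", "NS", "ns1.cdn.example", 86400),
    ("cdn.example", "NS", "ns2.cdn.example", 86400),
]

# Thresholds are assumptions for illustration; tune them to your own DNS data.
MIN_DISTINCT_IPS = 5   # many A records for one name
MAX_TTL = 600          # TTL of a few minutes is what lets the IPs rotate quickly
MIN_DISTINCT_NS = 3    # rotating nameservers: the "double" in double fast flux

def classify(observations):
    """Return {domain: 'double-fast-flux' | 'fast-flux' | 'normal'}."""
    ips, nss, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for domain, rtype, rdata, ttl in observations:
        (ips if rtype == "A" else nss)[domain].add(rdata)  # only A/NS expected
        ttls[domain].append(ttl)
    verdicts = {}
    for domain, seen_ttls in ttls.items():
        short_ttl = min(seen_ttls) <= MAX_TTL
        a_flux = short_ttl and len(ips[domain]) >= MIN_DISTINCT_IPS
        ns_flux = short_ttl and len(nss[domain]) >= MIN_DISTINCT_NS
        if a_flux and ns_flux:
            verdicts[domain] = "double-fast-flux"
        elif a_flux:
            verdicts[domain] = "fast-flux"
        else:
            verdicts[domain] = "normal"
    return verdicts

if __name__ == "__main__":
    for domain, verdict in classify(OBSERVATIONS).items():
        print(f"{domain}: {verdict}")
```

A domain that trips the A-record test but keeps stable nameservers is reported as plain fast flux, which is why CDN-style names with long TTLs stay "normal" here.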