[technology taskforce] Avalanche botnet network taken down, 800, 000+ domains sinkholed
sbabu at ieee.org
Fri Dec 2 01:22:22 UTC 2016
Thanks Dev. This is interesting...
On Fri, Dec 2, 2016 at 2:12 AM, Dev Anand Teelucksingh <devtee at gmail.com>
> Via http://arstechnica.com/security/2016/12/legal-raids-
> "A botnet that has served up phishing attacks and at least 17
> different malware families to victims for much of this decade has been
> taken down in a coordinated effort by an international group of law
> enforcement agencies and security firms. Law enforcement officials
> seized command and control servers and took control of more than
> 800,000 Internet domains used by the botnet, dubbed "Avalanche," which
> has been in operation in some form since at least late 2009."
> The Avalanche network used a method called Double Fast Flux to rapidly
> change (like every 5 mins) the IP address and nameservers used to
> resolve the domains requested by infected machines - the domains
> requested were either hardcoded in the malware on the infected
> machines or created by a Domain Generation Algorithm in the malware
> that generated thousands of domain names every day for the malware to
> attempt to reach.
> Europol has an infographic:
> The SSAC published an advisory on Fast Flux Hosting
> Dev Anand
> ttf mailing list
> ttf at atlarge-lists.icann.org
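The quoted description covers two mechanisms a defender can look for in their own DNS telemetry: double fast flux (both the A records and the NS records of a domain churn on very short TTLs) and DGA-generated names (long, high-entropy, vowel-poor labels). The following script is an added example written for this thread; it is not code from the article, Europol, the SSAC advisory, or any of the posters. It runs over a small set of constructed passive-DNS observations (the domains, addresses, nameserver names and the scoring thresholds are all assumptions chosen for illustration) and flags domains whose resolution pattern resembles the behaviour described above.

```python
"""Heuristic triage of passive-DNS records for double fast flux and DGA-like names.

Added example for the Avalanche takedown thread; thresholds, domain names and
record values are constructed for illustration, not taken from real data.
"""
import math
from collections import defaultdict

# Constructed passive-DNS observations: (domain, rrtype, value, ttl_seconds).
# In practice these come from a passive-DNS sensor or resolver query logs.
SAMPLE_RECORDS = [
    # Double flux: A records and NS records both churn on short TTLs.
    ("xk3q9tz2vblm.example", "A", "203.0.113.10", 120),
    ("xk3q9tz2vblm.example", "A", "203.0.113.77", 120),
    ("xk3q9tz2vblm.example", "A", "198.51.100.5", 60),
    ("xk3q9tz2vblm.example", "A", "198.51.100.91", 60),
    ("xk3q9tz2vblm.example", "A", "192.0.2.200", 120),
    ("xk3q9tz2vblm.example", "A", "192.0.2.33", 120),
    ("xk3q9tz2vblm.example", "NS", "ns1.flux-a.example", 120),
    ("xk3q9tz2vblm.example", "NS", "ns1.flux-b.example", 120),
    ("xk3q9tz2vblm.example", "NS", "ns1.flux-c.example", 60),
    # Single flux look-alike: a CDN rotating addresses, but stable nameservers.
    ("cdn-edge.example", "A", "203.0.113.1", 60),
    ("cdn-edge.example", "A", "203.0.113.2", 60),
    ("cdn-edge.example", "A", "203.0.113.3", 60),
    ("cdn-edge.example", "A", "203.0.113.4", 60),
    ("cdn-edge.example", "A", "203.0.113.5", 60),
    ("cdn-edge.example", "A", "203.0.113.6", 60),
    ("cdn-edge.example", "NS", "ns1.cdn-edge.example", 86400),
    ("cdn-edge.example", "NS", "ns2.cdn-edge.example", 86400),
    # Ordinary host: one address, long TTL.
    ("www.example", "A", "192.0.2.1", 3600),
    ("www.example", "NS", "ns1.example", 86400),
]


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dga_features(domain):
    """Cheap lexical features of the label just below the TLD."""
    labels = domain.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(c.isdigit() for c in label) / len(label) if label else 0.0
    return {"length": len(label), "entropy": shannon_entropy(label),
            "vowel_ratio": vowel_ratio, "digit_ratio": digit_ratio}


def looks_like_dga(domain):
    """Score long, high-entropy, vowel-poor or digit-heavy labels as DGA-like.

    The four thresholds are assumed starting points; tune them on your own
    resolver logs, since short brand names and CDN hostnames sit near the edge.
    """
    f = dga_features(domain)
    score = 0
    score += f["length"] >= 10
    score += f["entropy"] >= 3.0
    score += f["vowel_ratio"] < 0.25
    score += f["digit_ratio"] > 0.2
    return score >= 3


def flux_stats(records):
    """Aggregate distinct A and NS values and the minimum TTL seen per domain."""
    stats = defaultdict(lambda: {"a": set(), "ns": set(), "min_ttl": None})
    for domain, rrtype, value, ttl in records:
        s = stats[domain.lower().rstrip(".")]
        if rrtype == "A":
            s["a"].add(value)
        elif rrtype == "NS":
            s["ns"].add(value.lower())
        s["min_ttl"] = ttl if s["min_ttl"] is None else min(s["min_ttl"], ttl)
    return stats


def classify_flux(stat, min_addresses=5, min_nameservers=3, max_ttl=300):
    """Return 'double-flux', 'single-flux' or 'stable' for one domain's stats.

    Double flux requires churn in both the address set and the nameserver set
    on short TTLs; churn in addresses alone is only 'single-flux'.
    """
    short_ttl = stat["min_ttl"] is not None and stat["min_ttl"] <= max_ttl
    a_churn = short_ttl and len(stat["a"]) >= min_addresses
    ns_churn = short_ttl and len(stat["ns"]) >= min_nameservers
    if a_churn and ns_churn:
        return "double-flux"
    if a_churn:
        return "single-flux"
    return "stable"


def triage(records):
    """Map each domain to its flux class and whether its name looks generated."""
    return {d: {"flux": classify_flux(s), "dga_like": looks_like_dga(d)}
            for d, s in flux_stats(records).items()}


if __name__ == "__main__":
    for domain, verdict in sorted(triage(SAMPLE_RECORDS).items()):
        print(f"{domain:24} flux={verdict['flux']:12} dga_like={verdict['dga_like']}")
```

The CDN entry is there on purpose: legitimate round-robin hosting also rotates addresses on short TTLs, so address churn alone is a weak signal and produces false positives. The nameserver churn that defines double flux, and (if you have an offline ASN database) addresses spread across many unrelated residential networks rather than one hosting provider, are the stronger indicators. Domains that score on both the flux and the DGA heuristic are the ones worth checking against published sinkhole or takedown lists such as the one resulting from this operation.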