After four years of investigation, Europol and other agencies have moved against the prominent Avalanche botnet platform, which acted as a hub for malware campaigns worldwide.
Europol publicly disclosed the operation on Thursday, made possible through partnerships with the FBI, the US Department of Justice (DoJ), the German Public Prosecutor’s Office Verden, Eurojust, and technology firms including Shadowserver and Symantec.
Law enforcement agencies moved on 30 November in a takedown which disrupted the infrastructure of criminal operations in over 30 countries and US states across 60 registries worldwide.
Five arrests were made and 37 premises searched, resulting in the seizure of 39 servers. However, a total of 221 servers were taken offline through abuse notices.
It is estimated that Avalanche is responsible for six million euros in damages in Germany alone through malware campaigns and money mule recruiting campaigns. It is thought that the botnet platform has facilitated the loss of hundreds of millions of euros worldwide, but Europol says “exact calculations are difficult due to the high number of malware families managed through the platform.”
In a post on Shadowserver, the company said that Avalanche is a Double Fast Flux content delivery and management platform designed for the so-called “bullet-proof management of botnets.” Sinkholing was used to destroy the botnet’s activities, which also disrupted malware families including Citadel, VMZeus, the ransomware TeslaCrypt and Nymaim.
In total, 800,000 malicious and fraudulent domains were also seized, sinkholed, or blocked during the operation.
Avalanche has been in operation since 2009. The platform has been utilized for a variety of malware, spam and phishing campaigns, and over one million emails have been sent to potential victims worldwide as part of phishing campaigns.
Julian King, European Commissioner for the Security Union, commented:
“Avalanche shows that we can only be successful in combating cybercrime when we work closely together, across sectors and across borders. Cybersecurity and law enforcement authorities need to work hand in hand with the private sector to tackle continuously evolving criminal methods.
The EU helps by ensuring that the right legal frameworks are in place to enable such cooperation on a daily basis.”