Avalanche botnet takedown
- Subject: Avalanche botnet takedown
- From: anthony.kasza at gmail.com (anthony kasza)
- Date: Thu, 1 Dec 2016 12:02:50 -0700
- In-reply-to: <[email protected]>
- References: <[email protected]>
From my understanding Avalanche wasn't a single botnet but was high
availability infrastructure used by multiple different families/operators.
-AK
On Dec 1, 2016 10:37 AM, "John Levine" <johnl at iecc.com> wrote:
> Avalanche is a large nasty botnet, which was just disabled by a large
> coordinated action by industry and law enforcement in multiple
> countries. It was a lot of work, involving among other things
> disabling or sinkholing 800,000 domain names used to control it.
>
> More info here:
>
> https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation
>
> http://blog.shadowserver.org/2016/12/01/avalanche/
>
> As both items point out, if your users are infected with Avalanche,
> they're still infected, but now if you disinfect them, they won't get
> reinfected. At least not with that particular flavor of malware.
>
> R's,
> John