  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010

    [EN] EU, US cops kill Avalanche global crime botnet

    Multi-year investigation ends digital crime network.

    Juha Saarinen
    Dec 2 2016

    A joint operation between European and United States police forces has closed down the Avalanche digital crime network that is estimated to have caused hundreds of millions of dollars in losses worldwide.

    Avalanche was used to deliver and manage mass malware attacks and money mule recruiting campaigns globally. The criminal network is thought to be responsible for two-thirds of all phishing attempts since 2009, with over a million emails containing damaging attachments or links being sent to victims each week.

    The Shadowserver Foundation, a volunteer organisation of security professionals gathering intelligence on cyber crime, said Avalanche was a "Double Fast Flux" operation, churning through hundreds of thousands of domain names and IP addresses at high speed to avoid being detected and taken down.

    Europol, Interpol, the United States Department of Justice and the Federal Bureau of Investigation spent four years hunting down the Avalanche operators, aided by security vendors.

    The investigation into Avalanche started in Germany in 2012, after the Windows Encryption Trojan ransomware infected a large number of computers in the country. A separate malware campaign the same year by the Avalanche botnet that saw criminals harvest internet banking and email passwords added further impetus to the police investigation.

    In total, prosecutors and investigators from 30 countries were involved in taking down Avalanche, including Australian law enforcement.

    As part of the investigation, Germany's Federal Office for Information Security together with the Fraunhofer Institute combed through more than 130 terabytes of captured data to work out the Avalanche botnet's server structure.

    Five unnamed individuals were arrested and 37 premises raided, with 39 servers seized by police.

    The scale of the Avalanche malware distribution network was substantial. Europol said victims of malware infections were identified in more than 180 countries, and abuse notifications sent to hosting providers took down 221 servers on their networks.

    More than 800,000 domains used by the Avalanche network were sinkholed, meaning they are blocked and cannot be reached, in the largest such operation to date.

    Police estimate the Avalanche botnet used as many as half a million infected computers around the world daily.

    Avalanche distributed some 20 different malware families such as goznym, marcher, matsnu, urlzone, xswkit, and pandabanker, the police said.
    Last edited by 5ms; 01-12-2016 at 21:46.

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010

    'Avalanche' Global Fraud Ring Dismantled

    Brian Krebs
    Dec 1, 2016

    In what’s being billed as an unprecedented global law enforcement response to cybercrime, federal investigators in the United States, United Kingdom and Europe today say they’ve dismantled a sprawling cybercrime machine known as “Avalanche” — a distributed, cloud-hosting network that for the past seven years has been rented out to fraudsters for use in launching countless malware and phishing attacks.

    According to Europol, the action was the result of a four-year joint investigation between Europol, Eurojust, the FBI and authorities in the U.K. and Germany that culminated on Nov. 30, 2016 with the arrest of five individuals, the seizure of 39 Web servers, and the sidelining of more than 830,000 web domains used in the scheme.

    Built as a criminal cloud-hosting environment that was rented out to scammers, spammers and other ne’er-do-wells, Avalanche has been a major source of cybercrime for years. In 2009, when investigators say the fraud network first opened for business, Avalanche was responsible for funneling roughly two-thirds of all phishing attacks aimed at stealing usernames and passwords for bank and e-commerce sites. By 2011, Avalanche was being heavily used by crooks to deploy banking Trojans.

    The U.K.’s National Crime Agency (NCA), says the more recent Avalanche fraud network comprised up to 600 servers worldwide and was used to host as many as 800,000 web domains at a time.

    “Cyber criminals rented the servers and through them launched and managed digital fraud campaigns, sending emails in bulk to infect computers with malware, ransomware and other malicious software that would steal users’ bank details and other personal data,” the NCA said in a statement released today on the takedown. “The criminals used the stolen information for fraud or extortion. At its peak 17 different types of malware were hosted by the network, including major strains with names such as goznym, urlzone, pandabanker and loosemailsniffer. At least 500,000 computers around the world were infected and controlled by the Avalanche system on any given day.”

    The Avalanche network was especially resilient because it relied on a hosting method known as fast-flux, a kind of round-robin technique that lets botnets hide phishing and malware delivery sites behind an ever-changing network of compromised systems acting as proxies.

    “The complex setup of the Avalanche network was popular amongst cybercriminals, because of the double fast flux technique offering enhanced resilience to takedowns and law enforcement action,” Europol said in its statement.

    It’s worth noting here that Avalanche has for many years been heavily favored by crime gangs to deploy Zeus and SpyEye malware variants involved in cleaning out bank accounts for a large number of small to mid-sized businesses. These attacks relied heavily on so-called “money mules,” people willingly or unwittingly recruited into helping fraudsters launder stolen funds.

    At the time of the takedown, the Avalanche cybercrime infrastructure spanned more than 180 countries, according to The Shadowserver Foundation, a nonprofit group that helped authorities gain control over the Avalanche domains. Read more on Shadowserver’s role in this effort here.
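    Both articles above describe the "double fast flux" hosting that made Avalanche resilient: the A records for a phishing or malware domain rotate rapidly across many compromised hosts, and in the double variant the nameserver layer rotates the same way. The following is an added example, not code from either article, from Shadowserver, or from any of the agencies named; it shows the kind of passive-DNS triage a defender can run to spot that churn. All records are constructed, the domains use the reserved .test TLD and documentation IP ranges, and every threshold (5 addresses, 300-second TTL, 3 distinct /16 prefixes, 3 nameserver addresses) is an illustrative assumption rather than a value from the Avalanche case.

```python
"""Heuristic fast-flux / double fast-flux triage over passive-DNS style records.

Added example, not from the articles above or from Shadowserver/Europol.
All observations are constructed; thresholds are illustrative assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import ipaddress

# Constructed observations: (domain, record_type, ttl_seconds, rdata).
#   "A"    = address answer for the domain itself
#   "NS"   = nameserver name returned for the domain
#   "NS_A" = address that nameserver name resolved to
SAMPLE_RECORDS = [
    # Benign-looking: two addresses in one /16, long TTL, one stable nameserver.
    ("example-shop.test", "A", 3600, "198.51.100.10"),
    ("example-shop.test", "A", 3600, "198.51.100.11"),
    ("example-shop.test", "NS", 86400, "ns1.example-shop.test"),
    ("example-shop.test", "NS_A", 86400, "198.51.100.53"),
    # Single fast-flux: A answers churn across unrelated networks, low TTL,
    # but the nameserver layer stays put.
    ("flux-only.test", "A", 180, "203.0.113.5"),
    ("flux-only.test", "A", 180, "192.0.2.77"),
    ("flux-only.test", "A", 180, "198.51.100.200"),
    ("flux-only.test", "A", 180, "203.0.113.99"),
    ("flux-only.test", "A", 180, "192.0.2.14"),
    ("flux-only.test", "NS", 3600, "ns1.flux-only.test"),
    ("flux-only.test", "NS_A", 3600, "203.0.113.2"),
    # Double fast-flux: both the A layer and the NS layer churn.
    ("double-flux.test", "A", 120, "203.0.113.41"),
    ("double-flux.test", "A", 120, "192.0.2.130"),
    ("double-flux.test", "A", 120, "198.51.100.9"),
    ("double-flux.test", "A", 120, "203.0.113.250"),
    ("double-flux.test", "A", 120, "192.0.2.66"),
    ("double-flux.test", "A", 120, "198.51.100.88"),
    ("double-flux.test", "NS", 120, "ns1.double-flux.test"),
    ("double-flux.test", "NS_A", 120, "203.0.113.17"),
    ("double-flux.test", "NS", 120, "ns2.double-flux.test"),
    ("double-flux.test", "NS_A", 120, "192.0.2.201"),
    ("double-flux.test", "NS", 120, "ns1.double-flux.test"),
    ("double-flux.test", "NS_A", 120, "198.51.100.150"),
    ("double-flux.test", "NS", 120, "ns2.double-flux.test"),
    ("double-flux.test", "NS_A", 120, "203.0.113.180"),
]


@dataclass
class DomainStats:
    a_ips: set = field(default_factory=set)        # distinct A answers
    a_prefixes: set = field(default_factory=set)   # distinct /16s those answers fall in
    ns_names: set = field(default_factory=set)     # distinct nameserver names
    ns_ips: set = field(default_factory=set)       # distinct nameserver addresses
    min_a_ttl: int = 10**9                         # lowest TTL seen on an A answer


def prefix16(ip: str) -> str:
    """Crude network-diversity proxy: the /16 containing the address.
    Real deployments would map to ASN instead."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))


def aggregate(records):
    """Fold raw observations into per-domain statistics."""
    stats = defaultdict(DomainStats)
    for domain, rtype, ttl, rdata in records:
        s = stats[domain]
        if rtype == "A":
            s.a_ips.add(rdata)
            s.a_prefixes.add(prefix16(rdata))
            s.min_a_ttl = min(s.min_a_ttl, ttl)
        elif rtype == "NS":
            s.ns_names.add(rdata)
        elif rtype == "NS_A":
            s.ns_ips.add(rdata)
    return dict(stats)


def classify(stats, min_ips=5, max_ttl=300, min_prefixes=3, min_ns_ips=3):
    """Label each domain benign / fast-flux / double-fast-flux.

    A domain is fluxing when it returns many addresses, spread over several
    networks, with a short TTL.  It is double-fluxing when its nameservers
    also resolve to many addresses.  Thresholds are assumptions; CDNs and
    large mail providers legitimately rotate addresses, so treat the output
    as a triage signal to combine with allowlists, not as a verdict.
    """
    verdicts = {}
    for domain, s in stats.items():
        a_flux = (len(s.a_ips) >= min_ips
                  and s.min_a_ttl <= max_ttl
                  and len(s.a_prefixes) >= min_prefixes)
        if not a_flux:
            verdicts[domain] = "benign"
        elif len(s.ns_ips) >= min_ns_ips:
            verdicts[domain] = "double-fast-flux"
        else:
            verdicts[domain] = "fast-flux"
    return verdicts


def triage(records=SAMPLE_RECORDS):
    """Convenience wrapper: records -> {domain: verdict}."""
    return classify(aggregate(records))


if __name__ == "__main__":
    for domain, verdict in sorted(triage().items()):
        print(f"{domain:20s} {verdict}")
```

    Run against the constructed records, `triage()` labels example-shop.test benign, flux-only.test fast-flux and double-flux.test double-fast-flux. The /16-prefix count stands in for the ASN diversity a production detector would use, and the NS-address count is what separates plain flux from the double variant the articles describe; the sinkholing the articles mention is the response step that follows once such domains are confirmed and the registrars cooperate.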

  3. #3
    Join Date
    Dec 2016
    Interesting news, thanks)
