International Investigators Shut down Mega Botnet
For many years, cyber criminals used the Avalanche botnet to launch phishing attacks, spam and online fraud. Now an international team of investigators has succeeded in dismantling this criminal operation.
Investigators from 39 countries have succeeded in an international operation against data theft and Internet fraud. Their investigation has revealed probably the world's largest infrastructure for the operation of so-called botnets. The FBI and other US authorities were also involved.
"This was an important and successful operation against the international cyber mafia," said the Interior Minister of Lower Saxony, Boris Pistorius.
The investigation was coordinated by the Lower Saxony authorities, which cooperated with the FBI, Europol and other agencies in 30 countries around the world.
The investigators identified 16 suspects in an internationally coordinated action, and seven arrest warrants were issued. The suspects belong to an internationally active ring of fraudsters who have been using the Avalanche botnet infrastructure for ransomware attacks and bank fraud since at least 2009. Every week, more than one million spam and phishing e-mails carrying malicious attachments or links were sent.
By clicking links or opening attachments, computers were infected and thus became botnet zombies. This allowed the attackers to control and spy on more than 500,000 computers in 180 countries.
Simultaneous searches and server seizures took place in 10 countries. In Germany alone, the overall damage is currently estimated at around 6 million Euros across 1336 cases. The worldwide damage could run to a figure with nine zeros.
Most infected computers are located in Russia and the USA, the third most affected is Germany. The investigators have analyzed the structure and identified individual servers at the management level.
Analyses have shown that around 20 different botnets used the infrastructure created by the Avalanche authors. The dismantling of the infrastructure is currently being coordinated by the BSI, the German national cyber defense center.
So far, only Windows systems and Android smartphones are known to have been part of the Avalanche botnet.
But this is only the first step. Because the malicious programs cannot be deleted remotely from the infected computers, affected users will be informed by their Internet providers and will need to clean their machines themselves. Affected users should check their devices with antivirus software as soon as possible.