[192875] in North American Network Operators' Group


Avalanche botnet takedown

daemon@ATHENA.MIT.EDU (John Levine)
Thu Dec 1 12:34:52 2016

X-Original-To: nanog@nanog.org
Date: 1 Dec 2016 17:34:26 -0000
From: "John Levine" <johnl@iecc.com>
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

Avalanche is a large nasty botnet, which was just disabled by a large
coordinated action by industry and law enforcement in multiple
countries.  It was a lot of work, involving among other things
disabling or sinkholing 800,000 domain names used to control it.

More info here:

https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation

http://blog.shadowserver.org/2016/12/01/avalanche/

As both items point out, if your users are infected with Avalanche,
they're still infected, but now if you disinfect them, they won't get
reinfected.  At least not with that particular flavor of malware.

R's,
John


