[192876] in North American Network Operators' Group


Re: Avalanche botnet takedown

daemon@ATHENA.MIT.EDU (anthony kasza)
Thu Dec 1 14:02:54 2016

X-Original-To: nanog@nanog.org
In-Reply-To: <20161201173426.2861.qmail@ary.lan>
From: anthony kasza <anthony.kasza@gmail.com>
Date: Thu, 1 Dec 2016 12:02:50 -0700
To: John Levine <johnl@iecc.com>
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

From my understanding, Avalanche wasn't a single botnet but was
high-availability infrastructure used by multiple different families/operators.

-AK

On Dec 1, 2016 10:37 AM, "John Levine" <johnl@iecc.com> wrote:

> Avalanche is a large nasty botnet, which was just disabled by a large
> coordinated action by industry and law enforcement in multiple
> countries.  It was a lot of work, involving among other things
> disabling or sinkholing 800,000 domain names used to control it.
>
> More info here:
>
> https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation
>
> http://blog.shadowserver.org/2016/12/01/avalanche/
>
> As both items point out, if your users are infected with Avalanche,
> they're still infected, but now if you disinfect them, they won't get
> reinfected.  At least not with that particular flavor of malware.
>
> R's,
> John
