AVAST Destroys Massive Botnet

AVAST is an Internet security firm, and with the help of the French police it has scored a notable victory against the criminals behind a large botnet.

Criminals employ malware for various tasks, including accessing personal information, stealing financial data such as credit card details, collecting logins and passwords, and in some cases encrypting files and then demanding that a ransom be paid.

One class of malware that is less dangerous is cryptocurrency mining, where the criminals don’t steal your data but use your computer’s processing power for their own benefit. The side effect is that your computer will run slowly and may crash at times.

Retadup is a recent incarnation of this type of malware and is used to mine the Bitcoin cryptocurrency. It infects your computer and runs a programme that earns Bitcoins for its owners.

Mining requires huge amounts of processing power, so the operation typically involves many thousands of computers, unknown to their owners.

In this case, approximately 850,000 computers were compromised by Retadup.

The Take-Down

AVAST became involved when it discovered a design flaw in the command and control software that runs Retadup. AVAST realised that the flaw could be used to make the control server instruct the malware to remove itself from its victims’ computers.

AVAST is a private company and lacked the legal authority to carry this out itself. Most of the malware’s infrastructure was located in France, so AVAST contacted the French police. The police obtained the go-ahead and went ahead with the operation to take control of the server and disinfect the affected computers.

The police replaced the malicious command and control server with a prepared server that made every instance of Retadup that connected to it self-destruct. In the very first second of its activity, several thousand bots connected to it to fetch commands. The police server responded to them and disinfected the computers.

Jean-Dominique Nollet, head of the French police’s cyber unit, said the malware operators generated several million euros worth of cryptocurrency.

Remotely shutting down a malware botnet is a rare achievement, as it is difficult to carry out.

Well done AVAST and the French authorities.

If you have any experiences with stopping botnets do let me know, by email.
