nanog mailing list archives
Re: Avalanche botnet takedown
From: anthony kasza <anthony.kasza () gmail com>
Date: Thu, 1 Dec 2016 12:02:50 -0700
From my understanding Avalanche wasn't a single botnet but was high
availability infrastructure used by multiple different families/operators.

-AK

On Dec 1, 2016 10:37 AM, "John Levine" <johnl () iecc com> wrote:

> Avalanche is a large nasty botnet, which was just disabled by a large
> coordinated action by industry and law enforcement in multiple countries.
> It was a lot of work, involving among other things disabling or
> sinkholing 800,000 domain names used to control it.
>
> More info here:
>
> https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation
> http://blog.shadowserver.org/2016/12/01/avalanche/
>
> As both items point out, if your users are infected with Avalanche,
> they're still infected, but now if you disinfect them, they won't get
> reinfected. At least not with that particular flavor of malware.
>
> R's,
> John