Avast and Police Kill 850,000 Malware Infections
Avast and French Police Outsmart Botnet Creators
Cristal M Clark
The Retadup malware infects computers and starts mining cryptocurrency, sapping processing power from each victim's CPU. Its operators used it to generate money, but they could also use it to run other malicious code, such as spyware or ransomware. The malware also comes with a bonus: wormable properties, allowing it to spread from computer to computer on its own.
Since it first appeared, the cryptocurrency-mining malware has spread across the world, including the U.S., Russia, and Central and South America.
It sounds like a nightmare for any infected computer, yet French police managed to hijack and neutralize a massive cryptocurrency-mining botnet that controlled close to a million infected computers. Security firm Avast confirmed that the operation was a success.
Avast discovered a design flaw in the malware's command and control server. That flaw, if properly exploited, would have "allowed us to remove the malware from its victims' computers without pushing any code to victims' computers," according to researchers at Avast.
Sadly, Avast did not have the legal authority to exploit the flaw on its own, since doing so would have meant manipulating end users' computers without their permission, and I am not referring to the bad guys, I am referring to individuals such as you or myself. So Avast did the next best thing: they contacted the French authorities, because the malware's infrastructure appeared to live and breathe in France.
After obtaining the right authorization in July, Avast and French police took control of the server and disinfected the affected computers.
The takedown ended in perfect fashion; however, had the malware's authors realized what was happening, they could have pushed ransomware to hundreds of thousands of computers while still attempting to profit from the malware before the takedown.
Since the researchers now had a copy of the malware, they built their own replica of it, one that disinfected victim computers instead of infecting them. Avast thereby stopped the malware from operating and removed the malicious code from over 850,000 infected computers.
Remotely shutting down a malware botnet is a rare and difficult feat to achieve; my hat is off to Avast and the French police.
Cristal M Clark