Avalanche: Thwarting Cybercriminal Hazards
On November 30th, an international law enforcement operation stamped out Avalanche, a large-scale content and management platform designed for the delivery of bullet-proof botnets.
| Malware Family | Trend Micro Detection |
|---|---|
| Corebot | COREBOT |
| Bolek | BOLEK |
| Gozi2 | GOZI / PAPRAS |
| Nymaim | NYMAIM / HPNYMAIM |
| Smoke Loader / Dofoil | GAMARUE |
| TeslaCrypt | RANSOM_TESLACRYPT / CRYPTESLA |
| Tiny Banker / Tinba | TINBA |
| Cerber | RANSOM_CERBER |
Figure 1. Some of the malware families leveraged by Avalanche

Information from Europol and the Shadowserver Foundation cited over 20 malware families involved in Avalanche's campaigns, all of which Trend Micro's free HouseCall online scanner detects. Affected end users can also use HouseCall to remove the related files from their systems. Cleanup matters even after the takedown: an infected machine keeps attempting command-and-control (C&C) communications, generating junk traffic that can affect system performance, and a compromised machine may also have been configured to block access to Internet resources such as cleanup tools and patches. Users can reduce the risk of reinfection by changing device and account credentials, checking whether online accounts or backups have been modified, and ensuring that the latest patches are installed.
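One way to find machines that are still calling home after a takedown, as an added example that is not part of the article and not Trend Micro code: the script below reads an outbound-connection log and flags client/destination pairs that are contacted at near-constant intervals, the timer-like pattern of a bot beacon rather than of a person browsing. The log format, client addresses, domains (reserved `.invalid` and `.example` names) and thresholds are all constructed for illustration.

```python
"""Flag hosts that keep beaconing to a destination at regular intervals.

Added example: after a botnet takedown the C&C infrastructure is sinkholed or
gone, but infected machines keep trying to reach it. Regular, low-jitter
contacts from one client to one destination are a cheap first-pass indicator
of which hosts still need a scanner run on them.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <client> <destination host>".
# 10.0.0.5 polls every ~5 minutes (bot-like); 10.0.0.7 browses irregularly.
SAMPLE_LOG = """\
2016-12-01T08:00:00 10.0.0.5 example-cnc.invalid
2016-12-01T08:05:01 10.0.0.5 example-cnc.invalid
2016-12-01T08:09:59 10.0.0.5 example-cnc.invalid
2016-12-01T08:15:00 10.0.0.5 example-cnc.invalid
2016-12-01T08:20:02 10.0.0.5 example-cnc.invalid
2016-12-01T08:00:10 10.0.0.7 news.example
2016-12-01T08:01:45 10.0.0.7 news.example
2016-12-01T08:31:00 10.0.0.7 news.example
2016-12-01T09:12:30 10.0.0.7 news.example
2016-12-01T08:02:00 10.0.0.9 updates.example
"""


def parse_log(text):
    """Return {(client, destination): [timestamps]} for the constructed format."""
    contacts = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest = line.split()
        contacts[(client, dest)].append(datetime.fromisoformat(ts))
    return contacts


def inter_arrival_gaps(timestamps):
    """Seconds between consecutive contacts, in time order."""
    ts = sorted(timestamps)
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def beacon_score(timestamps):
    """Coefficient of variation of the gaps (stdev / mean).

    Near 0 means the contacts fire like a timer; None if too few contacts.
    """
    gaps = inter_arrival_gaps(timestamps)
    if len(gaps) < 2 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)


def find_beacons(text, min_contacts=4, max_cv=0.05):
    """Return [(client, destination, mean_gap_seconds)] for pairs whose
    contact timing is regular enough to look automated.

    min_contacts keeps one-off lookups out; max_cv is the jitter tolerance.
    Both are tuning knobs chosen here for the constructed sample.
    """
    hits = []
    for (client, dest), stamps in parse_log(text).items():
        if len(stamps) < min_contacts:
            continue
        cv = beacon_score(stamps)
        if cv is not None and cv <= max_cv:
            hits.append((client, dest, round(mean(inter_arrival_gaps(stamps)), 1)))
    return hits


if __name__ == "__main__":
    for client, dest, gap in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {dest}: contacted every ~{gap:.0f}s, check this host")
```

Regularity alone is not proof of infection: update checkers, monitoring agents and mail clients also poll on timers, so results need an allow-list of known-good destinations before anyone acts on them. The script identifies hosts worth scanning; it does not identify the malware family.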
Figure 2. Top countries affected by banking malware, Q1–Q3 2016

Cashing In on Financial Information

Aside from ransomware, Avalanche's arsenal mainly comprised banking malware, which let the operators surreptitiously harvest e-mail and banking credentials and caused approximately 6 million euros in losses to German online banking. Avalanche paints a classic picture of cybercrime's commercialization: malware deployed to monetize victims' digital information. Feedback from our Smart Protection Network showed that within the first three quarters of 2016, Brazil and the U.S. had the most banking malware detections in their respective regions. In Europe, most detections were observed in Germany, Italy, France, the United Kingdom, Austria, and Spain. In the APAC region, Japan, the Philippines, Vietnam and China took the brunt of threats that leveraged banking Trojans.

Making the World Safe for Exchanging Digital Information

Avalanche's infrastructure was spread across 30 countries and several U.S. states, and taking it down required a multinational effort. Trend Micro, particularly the Forward-Looking Threat Research (FTR) team, works with law enforcement agencies around the world, among them Interpol, Europol, the FBI, and the U.K.'s National Crime Agency, to help fight cybercrime. We help empower international law enforcement organizations that keep watch over their cyberspace by providing the necessary technology, information and expertise. We don't just supply data; Trend Micro also actively collaborates with law enforcement on investigations to attribute attacks and bring those behind them to justice. Beyond protecting our customers, Trend Micro aims to make the world safe for exchanging digital information.
Cybercrime is a growing global "enterprise," but with five arrests, 37 searched premises, 39 seized servers and 221 more knocked offline, Avalanche’s takedown, along with similar triumphs, not only serves as a cautionary tale for would-be cybercriminals. It also demonstrates our industry’s progress in making the internet safer for everyone.