
Avalanche, a huge botnet, was terminated in a global raid

Avalanche has controlled 800,000 internet domains since 2009.

 

Christina Bonnington


Posted on Dec 2, 2016   Updated on May 25, 2021, 11:22 am CDT

Following legal raids in five countries, authorities have dismantled a major botnet that’s been plaguing the internet since 2009. Dubbed Avalanche, the botnet controlled hundreds of thousands of computers in more than 180 countries. 

In the four-year undertaking, five individuals were arrested, 39 servers were seized, 221 more servers were put offline, and 800,000 infected domains were seized or blocked, according to a joint press release from the U.S. Attorney’s Office for the Western District of Pennsylvania, Department of Justice, FBI, Europol, Eurojust, and other global partners.

“Avalanche shows that we can only be successful in combating cybercrime when we work closely together, across sectors and across borders,” Julian King, European Commissioner for the Security Union, says in the release. 

Avalanche has been called “the world’s most prolific phishing gang,” Ars Technica reports, but the way it operates has evolved over the years. Originally it was responsible for a majority of the world’s phishing attacks, largely masquerading (rather successfully) as legitimate emails from financial institutions. However, it also spread the Zeus financial fraud botnet, and in recent years it has spread other malware and ransomware. On average, it sent more than a million spam emails each week and affected around 500,000 computers each day. As a testament to its real-world damage, the botnet is responsible for more than $6.3 million in damages in Germany’s online banking system alone.

It sounds like “sinkholing” this operation, as it’s called, has been an incredibly massive endeavor. 

*First Published: Dec 2, 2016, 2:59 pm CST