Avalanche botnet takedown

anthony kasza anthony.kasza at gmail.com
Thu Dec 1 19:02:50 UTC 2016

From my understanding Avalanche wasn't a single botnet but was high
availability infrastructure used by multiple different families/operators.


On Dec 1, 2016 10:37 AM, "John Levine" <johnl at iecc.com> wrote:

> Avalanche is a large nasty botnet, which was just disabled by a large
> coordinated action by industry and law enforcement in multiple
> countries.  It was a lot of work, involving among other things
> disabling or sinkholing 800,000 domain names used to control it.
> More info here:
> https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation
> http://blog.shadowserver.org/2016/12/01/avalanche/
> As both items point out, if your users are infected with Avalanche,
> they're still infected, but now if you disinfect them, they won't get
> reinfected.  At least not with that particular flavor of malware.
> R's,
> John

More information about the NANOG mailing list