Avalanche botnet takedown
anthony.kasza at gmail.com
Thu Dec 1 19:02:50 UTC 2016
From my understanding Avalanche wasn't a single botnet but was high
availability infrastructure used by multiple different families/operators.
On Dec 1, 2016 10:37 AM, "John Levine" <johnl at iecc.com> wrote:
> Avalanche is a large nasty botnet, which was just disabled by a large
> coordinated action by industry and law enforcement in multiple
> countries. It was a lot of work, involving among other things
> disabling or sinkholing 800,000 domain names used to control it.
> More info here:
> As both items point out, if your users are infected with Avalanche,
> they're still infected, but now if you disinfect them, they won't get
> reinfected. At least not with that particular flavor of malware.