Online criminals iced as cops bury malware-spewing Avalanche

Four-year op by US and EU culminates in arrests, server seizures


On November 30, simultaneous raids in five countries by the FBI, Europol, and the UK's National Crime Agency (NCA) finally shuttered the Avalanche criminal network that has been spewing malware and money laundering campaigns for the past seven years.

The Avalanche network was a system of 600 servers around the world that were available for hire to online criminals. They could be used for launching malware infection campaigns, funneling funds from phishing scams, and controlling more than 500,000 infected PCs a day, police estimate. They also spammed out a million emails carrying viruses every week.

"The volume of fraudulent activity made possible by Avalanche was incredible. But the scale of the global law enforcement response was unprecedented, as 20 strains of malware and 800,000 domains were targeted on one day," said Mike Hulett, of the NCA's National Cyber Crime Unit.

"Unfortunately, taking down Avalanche doesn't clean computers already infected with malware, so while the criminals are scrabbling around inevitably trying to rebuild their operations, computer users should use this window to install anti-virus software and make sure they're protected."

The raids on Wednesday seized 39 servers and took another 221 offline. Thirty-seven premises were searched, and 830,000 malicious domains were shut down. Police found 20 different malware families on the network, including goznym, marcher, matsnu, urlzone, xswkit, and pandabanker.

The Avalanche operation started in 2012, when German police investigating a large ransomware outbreak found evidence that the source of their woes was the rogue network. The way Avalanche was set up made it very difficult to map and penetrate due to a technique called double fast flux.

Fast flux is a common criminal technique designed to stymie police investigations by swapping the IP address attached to a domain regularly, sometimes every few minutes, between different servers.

Avalanche augmented this by making sure that both the domain location and the name server queried for this location changed, making it doubly hard for investigators to locate and identify criminal operations.

To combat this, investigators in the EU and US used a technique called sinkholing, where data traffic from infected machines is redirected through servers controlled by the police and analyzed. Police around the world sifted through 130TB of data to find the information needed to identify the Avalanche architecture.

"Avalanche has been a highly significant operation involving international law enforcement, prosecutors and industry resources to tackle the global nature of cybercrime," said Europol Director Rob Wainwright.

"The complex trans-national nature of cyber investigations requires international cooperation between public and private organisations at an unprecedented level to successfully impact on top-level cybercriminals. Avalanche has shown that through this cooperation, we can collectively make the internet a safer place for our businesses and citizens." ®


Other stories you might like

  • India reveals home-grown server that won't worry the leading edge

    And a National Blockchain Strategy that calls for gov to host BaaS

    India's government has revealed a home-grown server design that is unlikely to threaten the pacesetters of high tech, but (it hopes) will attract domestic buyers and manufacturers and help to kickstart the nation's hardware industry.

    The "Rudra" design is a two-socket server that can run Intel's Cascade Lake Xeons. The machines are offered in 1U or 2U form factors, each at half-width. A pair of GPUs can be equipped, as can DDR4 RAM.

    Cascade Lake emerged in 2019 and has since been superseded by the Ice Lake architecture launched in April 2021. Indian authorities know Rudra is off the pace, and said a new design capable of supporting four GPUs is already in the works with a reveal planned for June 2022.

    Continue reading
  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading

Biting the hand that feeds IT © 1998–2021