Avast And French Police Take Over Malware Botnet And Disinfect 850,000 Computers
Arthur T Knackerbracket has found the following story:
Antivirus maker Avast and the French National Gendarmerie announced today that they've taken down the backend infrastructure of the Retadup malware gang.
Furthermore, as a result of gaining access to this infrastructure, Avast and French authorities used the criminal gang's command and control (C&C) servers to instruct the Retadup malware to delete itself from infected computers, effectively disinfecting over 850,000 Windows systems without users having to do anything.
The antivirus maker said that all of this was possible after its malware analysts began looking into the malware with a fine comb back in March.
Avast researchers discovered a design flaw in the C&C server communications protocol that could allow them to instruct the malware to delete itself.
Since the Retadup malware's C&C servers were located in France, Avast approached French authorities, who agreed to help, and seized the crooks' servers.
Once Avast and French officials had the Retadup servers in their hands, they replaced the malicious ones with copies that instructed any infected host which connected to the server to delete itself.
[...] No arrests have been made in this case; however, Avast believes they've tracked the malware's creator to a Twitter account who bragged about Retadup when the first reports emerged online about its activity back in 2017.
[...] French authorities also received help from the FBI after Avast found that some parts of the Retadup infrastructure was also hosted in the US. Those servers have also been taken down and Avast said the Retadup creators lost complete control over their botnet on July 8, after the FBI intervened.
Read more of this story at SoylentNews.