
posted by Fnord666 on Wednesday August 28 2019, @06:27PM
from the a-force-for-good dept.

Antivirus maker Avast and the French National Gendarmerie announced today that they've taken down the backend infrastructure of the Retadup malware gang.

Furthermore, as a result of gaining access to this infrastructure, Avast and French authorities used the criminal gang's command and control (C&C) servers to instruct the Retadup malware to delete itself from infected computers, effectively disinfecting over 850,000 Windows systems without users having to do anything.

The antivirus maker said that all of this was possible because its malware analysts had been going through the malware with a fine-toothed comb since March.

Avast researchers discovered a design flaw in the C&C server communications protocol that could allow them to instruct the malware to delete itself.

Since the Retadup malware's C&C servers were located in France, Avast approached French authorities, who agreed to help, and seized the crooks' servers.

Once Avast and French officials had the Retadup servers in their hands, they replaced the malicious C&C servers with copies that responded to every infected host which connected to them with the instruction to delete itself.

[...] No arrests have been made in this case; however, Avast believes it has tracked the malware's creator to a Twitter account whose owner bragged about Retadup when the first reports of its activity emerged online in 2017.

[...] French authorities also received help from the FBI after Avast found that some parts of the Retadup infrastructure were also hosted in the US. Those servers have also been taken down, and Avast said the Retadup creators completely lost control of their botnet on July 8, after the FBI intervened.

