The French National Gendarmerie teamed up with security researchers Avast to make a botnet with close to one million devices self-destruct.
Avast has been tracking the malware called Retadup for some time. The malware affects Windows machines and has spread at a rapid pace across the world, including the US, Russia, and Central and South America.
Retadup was designed to make money through mining cryptocurrency, an increasingly popular type of attack. However, it’s noted the malware could have been used for more traditional attacks like spying on devices or holding them ransom.
Avast discovered a design flaw in the command-and-control (C&C) server of the botnet. The flaw would have enabled Avast to remove the infection from victims’ devices without the need to push any code.
Of course, Avast is a company which acts within the law and it lacked the legal authority to take down the botnet using the discovered flaw. With most of the infrastructure for the malware being located in France, Avast reached out to the Cybercrime Fighting Center (C3N) of the French National Gendarmerie.
The French police agreed to proceed with an operation suggested by Avast whereby the malicious C&C is replaced with a disinfection server.
Avast and C3N had to be careful their activity was not detected by the malware’s authors, if it was, the result could have been very different.
“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” Avast said. “But if they realised that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”
According to Jean-Dominique Nollet, head of the French police’s cyber unit, the malware operators generated several million euros worth of cryptocurrency.
The feat accomplished by Avast and the French police is nothing short of impressive. As a result of their work, almost one million devices are now free of Retadup’s grasp and victims may not even be aware.
Interested in hearing industry leaders discuss subjects like this? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.
