'Avalanche' takedown - with 'Andromeda'
Dec 4, 2017 - "On December 1st last year, the successful takedown* of the long-running criminal Avalanche double fast-flux-platform was announced by a consortium of international public and private partners, including The Shadowserver Foundation. This unprecedentedly complex operation was the culmination of over four-years of law enforcement and technical work, and impacted over twenty different malware families that utilized over 832,000 different DNS domains for Domain Generation Algorithms (DGAs) in -60- top level domains. Sinkhole data from the Avalanche platform is available each day in Shadowserver’s free of charge daily reports to national CERTs and network owners... with many victim computers still to be disinfected (you can find tools for disinfection here)...
... On 29 November 2017, the Federal Bureau of Investigation (FBI), in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), Eurojust and private-sector partners The Shadowserver Foundation, Microsoft, The Registrar of Last Resort, Internet Corporation for Assigned Names and Numbers (ICANN) and associated domain registries, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), and the German Federal Office for Information Security (BSI), as well as law enforcement representatives from Australia, Austria, Belarus, Belgium, Canada, Finland, France, Italy, the Montenegro, Netherlands, Poland, Singapore, Spain, the United Kingdom and Taiwan, announced** that they had dismantled one of the longest running malware families in existence – Andromeda (also known as Gamarue). At the same time, they also continued their existing legal and technical actions against over 848,000 Avalanche related command and control (C2) domains, to continue to protect existing victims and provide more time for any remaining victims to be identified and remediated...
... They successfully extended and expanded sinkholing of the -21- malware families that made use of the Avalanche platform, and the associated takedown of the -Andromeda-botnet- is another great example of how complex international operations can successfully be jointly executed by a combination of cross-disciplinary public and private partners in the ongoing fight against cyber criminals globally."
(More detail at the URL at the top.)
Dec 1, 2017 - "... The operation involves arrests and searches in five countries. More than -50- Avalanche servers worldwide were taken offline..."
Press Release Number: 16-1409
PayPal phish - 'verify transactions'
Dec 1, 2017 - "There’s a number of -fake- PayPal emails going around right now claiming that a 'recent transaction can’t be verified'... Here’s two examples of how these mails are being named from one of our mailboxes:
Here’s the most recent email in question:
Clicking the button takes potential victims to a -fake- PayPal landing page, which tries very hard to direct them to a “resolution center”:
The URL is:
epauypal(dot)com: A temporary error occurred during the lookup...
From here, it’s a quick jump to two pages that ask for the following slices of personal information and payment data:
1. Name, street address, city, state, zip, country, phone number, mother’s maiden name, and date of birth
2. Credit card information (name, number, expiration code, security code)
... Whatever your particular spending circumstance, wean yourself away from clicking on -any- email-link where claims of payment or requests for personal information are concerned. Take a few seconds to manually navigate to the website in question. and log in directly instead. If there are any payment hiccups happening behind the scenes, you can sort things out from there. Scammers are banking on the holiday rush combined with the convenience of “click link, do thing” to steal cash out from under your nose..."
Dec 4, 2017
Dec 4, 2017
Dec 4, 2017
Dec 1, 2017
Edited by AplusWebMaster, 04 December 2017 - 02:57 PM.