Law enforcers and industry players have teamed up to take down infrastructure supporting at least 20 malware families, in the culmination of a four-year investigation.
The Public Prosecutor’s Office Verden and the Lüneburg Police in Germany partnered with the United States Attorney’s Office for the Western District of Pennsylvania, the US Department of Justice and FBI, Europol, Eurojust and vendors including Symantec and Bitdefender in Operation Avalanche.
Monetary losses from the network are thought to run into the hundreds of millions, as it supported banking Trojans, ransomware and more, including Goznym, Marcher, Dridex, Matsnu, Pandabanker, Cerber and Teslacrypt, according to Bitdefender.
Victims were identified in over 180 countries.
The operation this week involved investigators from 30 countries and resulted in 221 servers being taken offline and 800, 000 domains being seized, sinkholed or blocked, Europol revealed.
Further, five people were arrested, 37 premises were searched and 39 servers were seized.
Julian King, European commissioner for the Security Union, claimed the operation shows what can be done with cross-border co-operation.
“Cybersecurity and law enforcement authorities need to work hand in hand with the private sector to tackle continuously evolving criminal methods,” he added. “The EU helps by ensuring that the right legal frameworks are in place to enable such cooperation on a daily basis".
The infrastructure taken offline by police was in operation since 2009 and featured an estimated 500,000 compromised PCs operating daily. The gang behind it are said to have sent over one million malicious spam emails each week to victims around the globe.
“Removal is a critical step that victims need to take in order to ensure the extinction of these malware families,” explained Bitdefender chief security strategist, Catalin Cosoi.
“Even if our products have successfully detected these threats since their emergence, the removal tool we built as part of the cooperation with Europol allows victims running other security solutions – or no solution at all – to successfully disinfect their machines and clean up after the botnet.”