Bitdefender joins Europol and partners to support victim disinfection after dismantling of international criminal ring Avalanche

Do your part for a safer Internet and scan your devices for these now-extinct threats using the free tool provided by Bitdefender.

On November 30, a thorough investigation code-named Operation Avalanche has materialized in an extremely complex, cross-jurisdiction, cross-industry clean-up effort. The project, coordinated by Europol and supported by partner anti-malware vendors, targeted malware families that have wrought havoc in the past years and inflicted significant damage to computer users all over the world.

Operation Avalanche targets 20 different malware families both old (yet functioning) botnets such as Goznym, Marcher, Dridex, Matsnu, URLZone, XSWKit, Pandabanker, as well as newer – yet better-known – threats such as the Cerber or Teslacrypt ransomware strains. Throughout their operation, they managed to extort roughly hundreds of millions of Euro worldwide , although the extent of the damage can’t be accurately determined because of the high volume of operations managed through the Avalanche platform.

As part of the operation, Europol and its global partners seized, sinkholed or blocked over 800,000 web domains used by malware to call back home, confiscated over 30 servers and put offline more than 220 servers via abuse notification protocols. All these efforts ensure that the command and control mechanisms for the target botnets are disrupted and infected bots can’t call home for new instructions.

Along with the pursuit of justice in a number of court cases, the purpose of this massive mobilization of forces is to provide comprehensive clean-up for the targeted malware families which ensures that malware won’t persist on the victims’ computer after its command-and-control centers have been taken down.

Why is cleanup necessary?

After the command and control centers are rendered inoperable, bots on the infected computers can’t usually inflict any direct damage. However, their attempts at getting in touch with the command and control centers for further instructions would not only waste precious CPU cycles, but also generate junk internet traffic. Some other times, such bots modify the current configuration of the computer which may prevent it to connect to the internet or access specific resources. A well known example of such behavior is the DNS Changer Trojan that made it impossible for some 25,000 computers to access the Internet after its command and control center had been shut down.

“Removal is a critical step that victims need to take in order to ensure the extinction of these malware families. Even if our products have successfully detected these threats since their emergence, the removal tool we built as part of the cooperation with Europol allows victims running other security solutions – or no solution at all – to successfully disinfect their machines and clean up after the botnet”, said Catalin Cosoi, Chief Security Strategist at Bitdefender.

If you have any doubts that your computer might be part of any of these botnets or if you want to run a quick check, we advise that you download the removal tool and run a full system scan. Alternatively, if you are not running a security solution on your computer, you might want to install a full antimalware suite such as the Bitdefender Total Security Multi-Device for continuous protection against malware.

Our biggest thanks go to the Bitdefender antimalware team in the Iasi office who worked around the clock to provide free removal and disinfection for all the malware families that made the object of yesterdays takedown: Dan Anton -Technical Project Manager. Antimalware Laboratory; Bogdan Prelipcean – Technical Leader. Antimalware Laboratory; George Jescu – Technical Leader. Antimalware Laboratory Adrian Popescu – Team Leader. Antimalware Laboratory; Bogdan Timofte – Senior Malware Researcher; Eduard Budaca – Junior Malware Researcher; Andrei Nacu – Team Leader. Antimalware Laboratory; Alexandru Munteanu – Junior Malware Researcher; Lucian Alexandru – Junior Malware Researcher. 

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.