Antivirus maker Avast and the French National Police have neutralized the back-end infrastructure of a malware botnet by hijacking its command-and-control (C&C) servers to instruct the malware to erase itself from infiltrated computers.
The tactic effectively disinfected more than 850,000 Windows systems without users having to take action.
The strategy exploited a design flaw in the Retadup malware gang's C&C server communications protocol, which Avast researchers had discovered earlier.
The servers were based in France, and Avast persuaded French authorities to collaborate in their seizure.
Avast then replaced the malicious servers with copies that instructed the malware on any infected host connecting to them to delete itself.
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA