Avalanche Phishing Platform responsible for 800,000 malicious domains dismantled

Threat, Threat Operation

After four years of investigation, Europol and partner agencies finally dismantled the prominent Avalanche botnet platform on 30th Nov.

The Avalanche platform once acted as a hub for malware campaigns worldwide.

Over those years, Europol, the FBI, the US Department of Justice (DoJ), the German Public Prosecutor's Office and technology firms including Shadowserver and Symantec investigated the Avalanche network, uncovering a massive operation that controlled a large number of "bots" across the world.

Experts estimate that Avalanche is responsible for six million euros in damages in Germany alone through malware campaigns. Europol, however, says "exact calculations are difficult due to the high number of malware families managed through the platform."

During the operation, five arrests were made and 37 premises were searched, resulting in the seizure of 39 servers.

In the joint operation, a total of 800,000 malicious and fraudulent domains were seized, sinkholed or blocked.

The Avalanche gang was a criminal syndicate behind multiple phishing attacks. In 2010, the Anti-Phishing Working Group (APWG) described Avalanche as one of the most sophisticated and damaging operations on the Internet and the world's most prolific phishing gang.

APWG reported that Avalanche was responsible for two-thirds of all phishing attacks in the second half of 2009.

The name "Avalanche" also refers to the network of websites and systems the gang used to carry out its attacks.

The Avalanche infrastructure hosted more than 20 different malware families, which relied on multiple Domain Generation Algorithms (DGAs) to locate their command-and-control servers, and operated from more than 30 countries.