Category: General|Sep 4, 2019 | Author: Admin

Avast and French police stopped crypto worm that had infected 850,000 machines

The attackers had made a mistake ...

French and US authorities, in collaboration with Avast Antivirus, have managed to take down a botnet that used unsuspecting victims' computers to mine cryptocurrency.

Made money for the attacker
Over 850,000 machines have been infected by the malware Retadup. It replicates itself and uses the victims' processors to mine cryptocurrency, which earns money for the people behind the malware.

The malware can also function as ransomware, and spreads through, among other things, e-mail attachments.

Most of the infected machines were in Latin America, but it had also spread to both the United States and Russia.

But in March, Avast conducted an analysis of the malware, and the company's Threat Intelligence team discovered a design flaw that allowed it to be removed from the victims' machines.

Instructed the malware to delete itself
As the malware's infrastructure was located in France, Avast worked with the authorities to take over Retadup's servers. The FBI was also involved in the work and took over Retadup's servers in the United States.

Then Avast developed a clone of the malware that instructed the rest of the Retadup instances to delete themselves. According to Avast, over 850,000 instances of the malware were deleted between July 2 and August 19.

"In the first second it was actively connected, several thousand censors joined in to receive commands from the server. The server responded and disinfected them by abusing the protocol design error," Avast writes in a blog post.

So far, no arrests have been made in connection with the case. Security experts from Under the Breach believe the responsible person is a 26-year-old man from Palestine, ZDNet writes.
