
Avalanche Botnet

Posted: April 11, 2019

The Avalanche Botnet is a network of Trojan-infected computers that facilitates the installation of other threats, such as banking Trojans. The compromised PCs themselves are not the targets of the Avalanche Botnet's attacks; their resources are what deliver these payloads to other victims. Capable anti-malware products should remove the Avalanche Botnet's bot components from your computer and block the exploits used to install the threats it distributes.

The Rockslide Where Each Boulder is an Infected PC

Threat analysis often focuses on the 'flashy' elements of a cyber-attack, such as the payload or the opening phishing lure, but the infrastructure that makes those things possible is just as relevant to users and victims. The Avalanche Botnet occupies the niche of a semi-invisible threat: it causes little harm to the PCs that it compromises, yet it can grow into much more trouble down the line. This decentralized Trojan network, since shut down, earned its notoriety by delivering payloads as dangerous as Bebloh and Zeus, both notorious banking Trojans.

After compromising a PC, the Avalanche Botnet's Trojan inserts a Registry entry for persistence and, otherwise, does little more than accept inbound connections on TCP port 80. Whatever data it receives, it relays to a second-tier server that hosts most of the components of the 'opening salvo' in a banking Trojan attack: the executable that installs the Trojan and the phishing lure that tricks users into downloading it. Readers should be clear that the Avalanche Botnet doesn't deliver this payload to the same systems that make up its network; the bot-compromised computers are nothing more than relays for distributing attacks against other entities.

The Avalanche Botnet operates as an intermediary and is suitably flexible for that purpose. Threat actors can rent its services to drop threats other than a bank account-compromising Trojan like Bebloh, including file-locker Trojans, fake FBI tactics such as the FBI PayPal Virus, and Remote Access Tools (RATs). Other threats that malware researchers can connect to the Avalanche Botnet include TeslaCrypt, the CoreBot backdoor Trojan, and bootkits of the Win32/Rovnix family.

Averting Crashing Rocks from Zombified Computer Networks

Although authorities seized much of the Avalanche Botnet's infrastructure in 2016, some still-compromised systems may remain in use. Worse, any users who were exposed to the 'business end' of the Avalanche Botnet's attacks may still be running high-level threats that compromise bank accounts or modify the Master Boot Record, the code that loads before the operating system. The majority of the packages that the Avalanche Botnet delivered are high-level threats with few symptoms relative to the damage that they can cause.

Users can double-check their billing records and account activity for any incidental signs of tampering by remote attackers. On the other side of the Trojan network, the Avalanche Botnet's bot components use file names that mimic legitimate Windows files and tamper with some system settings, so removing them improperly can harm the operating system. Victims should run appropriate anti-malware services to delete an Avalanche Botnet Trojan, as well as any of the threats that its attacks drop on the systems of third parties.

For four years, if not more, the Avalanche Botnet gave criminals an efficient Trojan-distribution system with enough redundancy to withstand the cyber-security sector's takedown efforts. Although its operators paid the price for breaking the law, the lessons that it teaches are worth remembering, even years later.
