News & Insights

Topic: Botnets

VPNFilter - FBI Sinkholing

May 23, 2018
VPNFilter is a multi-stage modular malware platform, believed to be connected to APT28, that is designed to infect small office and home office (SOHO) routers and other network devices. It was sinkholed under court order by the FBI, with infected device data being made available via Shadowserver's free daily network reports.

Avalanche year two, this time with Andromeda

December 4, 2017
On December 1st last year, the successful takedown of the long-running criminal Avalanche double fast flux platform was announced by a consortium of international public and private partners, including The Shadowserver Foundation. One year on, there is another milestone: Andromeda-related domains have been added to the set of Avalanche domains to be seized/blocked in a second round of LE action. This takes us to 842,000 malicious domains and another 2+ million unique infected victim IP addresses hitting the sinkholes per day and requiring remediation.

Kelihos.E Botnet - Law Enforcement Takedown

April 12, 2017
On Monday April 10th 2017, the US Department of Justice (DOJ) announced a successful operation to take down the Kelihos Botnet and arrest the suspected botnet operator.

Avalanche – Law Enforcement Take Down

December 1, 2016
For the past 18 months, The Shadowserver Foundation has been quietly working to support international Law Enforcement agencies in the coordinated takedown of the criminally operated Avalanche malware delivery platform.

Gameover Zeus & Cryptolocker

June 8, 2014
On Monday June 2nd 2014, the US Department of Justice announced an ongoing operation to take down the infamous Gameover Zeus and CryptoLocker cybercriminal botnet infrastructures. "Operation Tovar" is a joint effort between international law enforcement agencies, such as the FBI, UK NCA and Europol/EC3, plus multiple private partners.

Beware the trolls, secure your trackers

August 14, 2012
You track botnets? Right, we do as well. You spent your weekends building your slick botnet trackers and some fancy web interface? Damn, we did too. But let's face the truth, DDoS is boring. What gives better sense to your day than some random crook trolling you and your monitoring infrastructure? Nothing. So here's what happened today...

Of House Cleaning and Botnet C&C's

March 7, 2012
In the last couple of weeks we have dropped almost 2500 C&C's from our tracking system. This may seem extreme but it was something of a necessity. It should also bring up the question of the validity of the rest of our C&C counts that you see.