>From my understanding Avalanche wasn't a single botnet but was high availability infrastructure used by multiple different families/operators.
-AK On Dec 1, 2016 10:37 AM, "John Levine" <jo...@iecc.com> wrote: > Avalanche is a large nasty botnet, which was just disabled by a large > coordinated action by industry and law enforcement in multiple > countries. It was a lot of work, involving among other things > disabling or sinkholing 800,000 domain names used to control it. > > More info here: > > https://www.europol.europa.eu/newsroom/news/%E2%80% > 98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation > > http://blog.shadowserver.org/2016/12/01/avalanche/ > > As both items point out, if your users are infected with Avalance, > they're still infected, but now if you disinfect them, they won't get > reinfected. At least not with that particular flavor of malware. > > R's, > John > > >
