French Police Dismantle Massive Global Botnet, Removing Digital Virus Threat
Measles might be on the rise, but thanks to a tip and some digital legwork by French police, the world has one fewer digital virus to worry about.
Botnet Infected 850,000 Computers Worldwide
Hidden in emails that promised erotic photographs or get-rich-quick schemes, the Retadup virus managed to infect at least 850,000 computers around the world, creating an international botnet that was mainly controlled from France. Criminals were able to remotely control infected computers to mine cryptocurrency and extort money through ransomware.
Infected USB drives were also used to spread the virus, which targeted computers running Windows in over 100 countries, with Central and South America hardest hit. The operators of the botnet, who remain at large, are estimated to have made millions of euros from their fraudulent activities.
Evolution of Retadup Malware
Retadup malware was first detected in 2017 as a Trojan that collected information from infected computers and sent it to a remote server. The malware later gained a Monero cryptocurrency-mining component, allowing its operators to profit from the infected machines.
Collaborative Efforts to Dismantle the Botnet
Following a tip from antivirus software manufacturer Avast, France’s digital crime-fighting center C3N located and dismantled a rogue server near Paris that was used to distribute the virus. Avast researchers discovered a flaw in Retadup’s communication protocol, enabling the C3N team to build a replica server that instructs infected hosts to remove the malware.
Assisted by the FBI, the C3N team redirected traffic from a US-based part of the botnet infrastructure to the replica server. Over 850,000 infected computers have communicated with the replica server, with ongoing efforts to disinfect more machines that may not have connected recently.
Significance of the Operation
Speaking on France Inter radio, C3N chief Jean-Dominique Nollet emphasized the importance of dismantling the botnet. He stated, “People may not realize it, but 850,000 infected computers means massive firepower, enough to bring down all the [civilian] websites on the planet.”