
Image credit: Jirapong Manustrong via Getty Images

Researchers helped French police dismantle a crypto-mining botnet

They commandeered the botnet to disinfect compromised devices.

It seems like every week there's news of a new piece of malware being used to steal user data or to take control of devices. For once, though, there's some good news in the war on intrusive software: A botnet which was spreading crypto-mining malware has been taken over by police and used to remove the malware from infected computers.

The Retadup malware, the target of the operation, has spread around the world but was particularly active in South America. It infects computers and uses their processing power to mine for cryptocurrency without the knowledge of the device's owner. This malware was particularly concerning because it is "wormable," meaning it can propagate from one computer to another.

The police were able to hijack the malware after the Avast security firm discovered a flaw in its command and control (C&C) server. Although Avast is headquartered in the Czech Republic, it contacted the French police as most of the servers hosting the malware were located in France.

In a blog post, Avast described the process of identifying the flaw, passing this information to the police, and instructing the police on how to repurpose the botnet by turning the C&C server into a disinfection server. By taking over the C&C server and using it to distribute a malware removal script, the police could remove the malware from users' computers automatically, with no user action required.

"The disinfection server responded to incoming bot requests with a specific response that caused connected pieces of the malware to self-destruct," Avast representative Jan Vojtěšek said in the post. "At the time of publishing this article, the collaboration has neutralized over 850,000 unique infections of Retadup."

Even with Retadup cleaned up, malware which deploys crypto-mining scripts continues to be a security concern. Browsers like Firefox have plans to launch tools to protect users from this threat.

Via: TechCrunch
Source: Avast