Avast announced on August 28 that it had been able to take down the Retadup botnet, which used victims' computers to mine cryptocurrency for its operators, from an estimated 850,000 systems by exploiting a flaw in the worm's command-and-control server. The security firm worked with the Cybercrime Fighting Center of the French National Gendarmerie as well as the FBI to "clean" the botnet.
Retadup was a malicious worm that could infect a computer, execute commands it was given, and then go on to infect other systems. Avast said that although it was mainly used to mine cryptocurrency, it could have enabled various other attacks on infected machines, so Avast had to avoid detection while it studied the botnet. The company was particularly concerned that Retadup would be used to spread ransomware if its operators learned it had been compromised.
Exploiting a flaw in Retadup's command-and-control infrastructure allowed Avast to remove the malware without pushing its own updates to infected systems. That way it could help everyone whose systems had been affected by Retadup, rather than delivering a fix that would only reach Windows users who also used its antivirus product.
Handling the technical side of this "disinfection" process was only part of the battle, however, which is why law enforcement agencies in France and the U.S. were involved. Avast said it contacted the Cybercrime Fighting Center in March. It then had to wait for the French police to obtain approval from a prosecutor to conduct the operation, and in the meantime it built new tools to monitor Retadup's activity covertly.
Avast said that most of the 850,000 systems from which it has removed Retadup so far were located in Latin America, ran Windows 7, and had no antivirus solution installed.