French Cyber Police Take Down Paris-based Botnet

French cyber police have reportedly taken down a botnet that infected more than 850,000 computers, mostly in South America.

According to AFP, the operation began in March 2019 when Czech antivirus firm Avast alerted the Cybercrime Fighting Center (C3N) of the French National Gendarmerie about a virus called Retadup that was being controlled by a server in the Paris region.

Retadup infected hundreds of thousands of Windows computers in over 100 countries, but mostly in Central and South America. The virus's attack route was an email that offered either easy money or erotic pictures.

Botnet takedown

The C3N unit worked with the FBI and Avast to take down the malware and, in a “world first”, also reportedly removed the malware from the infected computers.

“It’s a huge operation” given the number of computers infected, Gerome Billois, a cybersecurity expert at the French IT services firm Wavestone, was reported by AFP as saying.

“Retadup is a malicious worm affecting Windows machines throughout Latin America,” wrote Avast. “Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware authors’ behalf. However, in some cases, we have also observed Retadup distributing the Stop ransomware and the Arkei password stealer.”

Avast apparently proposed a technique to disinfect Retadup’s victims by utilising a design flaw in the botnet’s C&C communication protocol.

“In accordance with our recommendations, C3N dismantled a malicious command and control (C&C) server and replaced it with a disinfection server,” wrote Avast. “The disinfection server responded to incoming bot requests with a specific response that caused connected pieces of the malware to self-destruct. At the time of publishing this article, the collaboration has neutralized over 850,000 unique infections of Retadup.”

They then ordered all the infected computers to uninstall the Retadup malware, which police said was allowing the hackers to mine the Monero cryptocurrency. It was also used in ransomware attacks and for stealing data.

It is reported that the hackers were able to make millions of euros since they created the botnet in 2016. The suspects are reportedly still at large.

Install AV

“Don’t click on links if you’re not sure who sent you the email,” Colonel Jean-Dominique Nollet, head of the C3N unit, told France Inter radio on Tuesday.

“Don’t click on attachments either, and use up-to-date antivirus programmes, even free ones,” Nollet said. “And try not to do anything stupid on the internet.”

Avast reportedly said that nearly 85 percent of the infected computers did not have antivirus programmes, while others had them but they had been deactivated.

It is common for law enforcement agencies to co-operate with global partners when tackling cyber crime.

In 2017, for example, police forces around the world teamed up to disrupt many long-running botnets powered by a malware family dubbed Gamarue.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
