Cybercriminal activity hub Avalanche Network has been busted by law enforcement agencies, ending a long reign of protection for botnet operators.
The operators were attempting to hide from takedown and domain blacklisting, but concentrated efforts from enforcement agencies have busted what ESET called a "fast-flux or ever-changing network".
"A fast-flux network, such as the one operated by the Avalanche group, can be defined as 'a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies', ESET says.
The network was made up of compromised hosts acting as proxy servers. They are more difficult to detect as security researchers as they can't map the attacker's infrastructure or identify the real command & control server.
Some of the various malware botnets using the Avalanche network included TeslaCrypt, Nymaim, CoreBot, GetTiny, Matsnu, Rovnix, URLZone and QakBot. ESET says that these families show the network is sold as a service to other cybercriminals.
ESET is offering a free cleaning tool for all users following the takedown. The company advises all users to use the tool to determine whether they were affected by one of the botnets using the network. The tool will then remove all harmful content at no cost.