Microsoft and Other Tech Companies Take Down TrickBot Botnet
Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure.
Microsoft and its partners analyzed over 186,000 TrickBot samples, using them to track down the command-and-control infrastructure the malware employed to communicate with victim machines, and to identify the IP addresses of the C2 servers and other TTPs applied to evade detection.
"With this evidence, the court granted approval for Microsoft and our partners to disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the TrickBot operators to purchase or lease additional servers," Microsoft said.
"The TrickBot infrastructure was made available to cybercriminals who used the botnet as an entry point for human-operated campaigns, including attacks that steal credentials, exfiltrate data, and deploy additional payloads, most notably Ryuk ransomware, in target networks."
Typically delivered via phishing campaigns that leverage current events or financial lures to entice users into opening malicious file attachments or clicking links to websites hosting the malware, TrickBot has also been deployed as a second-stage payload of another nefarious botnet called Emotet.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/uslAhg1JuV8/trickbot-computer-virus.html