TrickBot Botnet Survives Takedown Attempt

The TrickBot botnet appears to have resumed normal operations days after Microsoft announced that it managed to take it down using legal means.
On October 12, Microsoft and several partners announced that they were able to disrupt the TrickBot infrastructure by legally disabling IP addresses, making servers inaccessible and suspending services employed by the botnet.
Only three days after the announcement, security researchers with Intel 471 revealed that the botnet had resumed operations, despite Microsoft's takedown attempt and efforts from the U.S. Cyber Command to hack TrickBot's servers.
"The fact that Trickbot has resumed normal operations despite the best efforts of U.S. Cyber Command and Microsoft shows how resilient of an operation Trickbot is and how much more effort is needed to fully take the botnet offline for good," Intel 471 said.
"About 10 years ago it was much easier to completely take over or significantly disrupt a botnet, but cybercriminals are students of takedowns and have learned to make their operations more resilient to takedown efforts. That's why every takedown attempt has some potential of giving ground to the adversary. You're teaching them where the weaknesses in their armor are and they have a team of developers ready to act on that information. So unless you strike a killing blow, you're not going to impact them long term," Intel 471 COO Jason Passwaters said.