Days after the US Government took measures to disrupt the infamous TrickBot botnet, a group of cybersecurity and other tech giants has detailed a separate, coordinated effort to take down the malware's backend infrastructure.
The development comes after US Cyber Command mounted a campaign to thwart TrickBot's spread over concerns that ransomware attacks could target voting systems ahead of next month's presidential election.
Microsoft and its partners analyzed over 186,000 TrickBot samples, using them to map the command-and-control (C2) infrastructure the malware uses to communicate with victim machines, identify the IP addresses of its C2 servers, and catalog the other tactics, techniques and procedures (TTPs) the operators employed to evade detection.
"With this evidence, the court granted approval for Microsoft and our partners to disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the TrickBot operators to purchase or lease additional servers," Microsoft stated.
Since its inception as a banking Trojan in late 2016, TrickBot has evolved into a Swiss Army knife capable of stealing sensitive information, dropping ransomware and post-exploitation toolkits on compromised devices, and recruiting those devices into a botnet.
"Over the years, TrickBot's operators were able to build a massive botnet, and the malware evolved into a modular malware available for malware-as-a-service," Microsoft added.
"The TrickBot infrastructure was made available to cybercriminals who used the botnet as an entry point for human-operated campaigns, including attacks that steal credentials, exfiltrate data, and deploy additional payloads, most notably Ryuk ransomware, in target networks."
Typically delivered through phishing campaigns that leverage current events or financial lures to entice users into opening malicious file attachments or clicking links to sites hosting the malware, TrickBot has also been deployed as a second-stage payload by another notorious botnet, Emotet.
The cybercrime operation has infected more than a million computers to date. Microsoft, however, cautioned that it did not expect the latest action to permanently disrupt TrickBot, adding that the cybercriminals behind the botnet would likely attempt to revive their operations.
According to the Swiss-based Feodo Tracker, eight TrickBot command-and-control servers, some of which were seen this week, are still online after the takedown.
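Feodo Tracker publishes its C2 list as a CSV blocklist that defenders can ingest directly. The following is an added example (not part of this article, and not Microsoft's or abuse.ch's code) showing what a practitioner would do with such a list: parse it, count how many servers of a given family are still flagged online, and match outbound connection logs against it, scoring an exact IP-and-port hit on a live server higher than an IP-only hit. The blocklist, the log lines and the IP addresses (RFC 5737 documentation ranges) are constructed samples; the column layout is assumed to mirror the public Feodo Tracker IP blocklist CSV rather than taken from the page.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the column layout of the Feodo Tracker IP blocklist CSV
# (first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware). The addresses
# are RFC 5737 documentation ranges, not real C2 servers.
SAMPLE_BLOCKLIST = """\
# Feodo Tracker-style botnet C2 IP blocklist (constructed sample)
first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware
2020-10-01 08:15:00,192.0.2.10,443,online,2020-10-20,TrickBot
2020-09-12 14:02:00,192.0.2.25,449,online,2020-10-19,TrickBot
2020-08-03 11:40:00,198.51.100.7,8080,offline,2020-10-05,TrickBot
2020-10-11 06:30:00,203.0.113.4,443,online,2020-10-20,Emotet
"""

# Constructed outbound-connection log lines (firewall/proxy style key=value).
SAMPLE_LOGS = """\
2020-10-20T09:01:12Z src=10.0.0.15 dst=192.0.2.10 dport=443 proto=tcp action=allow
2020-10-20T09:01:15Z src=10.0.0.15 dst=198.51.100.200 dport=443 proto=tcp action=allow
2020-10-20T09:02:40Z src=10.0.0.22 dst=192.0.2.25 dport=449 proto=tcp action=allow
2020-10-20T09:03:01Z src=10.0.0.22 dst=198.51.100.7 dport=8080 proto=tcp action=allow
2020-10-20T09:04:07Z src=10.0.0.31 dst=203.0.113.4 dport=80 proto=tcp action=allow
"""


def parse_blocklist(text):
    """Parse a Feodo Tracker-style CSV into {dst_ip: [entry, ...]}.

    Comment lines starting with '#' are skipped; one IP may carry several
    entries (different ports or families), so entries are kept as a list.
    """
    rows = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    entries = defaultdict(list)
    for row in csv.DictReader(io.StringIO("\n".join(rows))):
        entries[row["dst_ip"].strip()].append({
            "port": int(row["dst_port"]),
            "online": row["c2_status"].strip().lower() == "online",
            "last_online": row["last_online"].strip(),
            "malware": row["malware"].strip(),
        })
    return dict(entries)


def count_online(blocklist, malware):
    """Distinct C2 IPs still flagged online for one malware family."""
    return sum(
        1 for ents in blocklist.values()
        if any(e["online"] and e["malware"].lower() == malware.lower() for e in ents)
    )


LOG_RE = re.compile(r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def parse_log_line(line):
    """Extract timestamp, source, destination and port from one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def match_connections(log_text, blocklist):
    """Return one hit per log line whose destination is on the blocklist.

    Severity is 'high' when the destination IP *and* port match an entry that
    is still online, and 'medium' when only the IP matches (different port, or
    the tracker marks the server offline). Offline servers are still reported
    because takedowns are often temporary and operators bring hosts back.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None or rec["dst"] not in blocklist:
            continue
        entries = blocklist[rec["dst"]]
        exact = [e for e in entries if e["port"] == rec["dport"]]
        severity = "high" if any(e["online"] for e in exact) else "medium"
        hits.append({
            "ts": rec["ts"],
            "src": rec["src"],
            "dst": rec["dst"],
            "dport": rec["dport"],
            "severity": severity,
            "malware": ", ".join(sorted({e["malware"] for e in entries})),
        })
    return hits


if __name__ == "__main__":
    bl = parse_blocklist(SAMPLE_BLOCKLIST)
    print(f"TrickBot C2 servers still online: {count_online(bl, 'TrickBot')}")
    for h in match_connections(SAMPLE_LOGS, bl):
        print(f"[{h['severity']:6}] {h['ts']} {h['src']} -> {h['dst']}:{h['dport']} ({h['malware']})")
```

The offline entries are deliberately kept in the lookup rather than filtered out at parse time: a server that the tracker saw offline last week is exactly the kind of host that comes back when operators rebuild, so a connection to it after a takedown is worth an analyst's attention even if it is scored lower than a live hit.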