Avalanche was a criminal syndicate involved in phishing attacks, bank fraud, and ransomware. The name also refers to the network of owned, rented, and compromised systems used to carry out that activity. Avalanche only infected computers running the Microsoft Windows operating system.
In November 2016, the Avalanche botnet was destroyed after a four-year project by an international consortium of law enforcement, commercial, academic, and private organizations.
Avalanche was discovered in December 2008, and may have been a replacement for a phishing group known as Rock Phish which stopped operating in 2008. It was run from Eastern Europe and was given its name by security researchers because of the high volume of its attacks. Avalanche launched 24% of phishing attacks in the first half of 2009; in the second half of 2009, the APWG recorded 84,250 attacks by Avalanche, constituting 66% of all phishing attacks. The number of total phishing attacks more than doubled, an increase which the APWG directly attributes to Avalanche.
Avalanche used spam email purporting to come from trusted organisations such as financial institutions or employment websites. Victims were deceived into entering personal information on websites made to appear as though they belong to these organisations. They were sometimes tricked into installing software attached to the emails or at a website. The malware logged keystrokes, stole passwords and credit card information, and allowed unauthorised remote access to the infected computer.
Internet Identity's Phishing Trends report for the second quarter of 2009 said that Avalanche "have detailed knowledge of commercial banking platforms, particularly treasury management systems and the Automated Clearing House (ACH) system. They are also performing successful real-time man-in-the-middle attacks that defeat two-factor security tokens."
Avalanche had many similarities to the earlier group Rock Phish - the first phishing group to use automated techniques - but operated at greater scale and volume. Avalanche hosted its domains on compromised computers (a botnet). There was no single hosting provider, which made taking down a domain difficult and required the involvement of the responsible domain registrar.