Avast stopped a group of cybercriminals and cured 850,000 Windows machines


The anti-virus company Avast, together with the National Gendarmerie of France, put an end to the activities of the cybercriminal group Retadup, which for two years infected users' computers and turned them into obedient bots.

Moreover, Avast specialists managed to "cure" the affected computers. To do this, they used the cybercriminals' command and control server (C&C), which issued a self-destruct command to the malicious program.

As a result, the anti-virus experts neutralized the malware on more than 850 thousand Windows systems, and users did not have to do anything.

The Avast team began monitoring the infrastructure of the cybercriminal group back in March. Through careful analysis, the researchers identified a vulnerability in the command server (C&C) communication protocol.

This flaw, if exploited correctly, allowed a special command to be issued to the malware installed on the victims' computers, after which the malware would destroy itself.

Since the attackers' servers were located in France, Avast contacted local law enforcement agencies and provided all the information necessary to conduct counter-attacks.

Teaming up against the Retadup criminals, French law enforcement and the Avast team were able to quickly take over the server and cure the affected users.

The Avast report can be found here.