14 October 20, 11:34
Quote: The TrickBot trojan has been dealt a serious blow thanks to a coordinated action led by Microsoft that disrupted the botnet that spreads it. However, researchers warn that the operators will quickly try to revive their operations.
TrickBot is known for spreading other malware, especially ransomware. Microsoft said this week that the United States District Court for the Eastern District of Virginia granted a request for a court order to halt TrickBot’s operations, which it carried out in concert with other firms, including ESET, Lumen’s Black Lotus Labs, NTT Ltd., Symantec and others.
“We disrupted TrickBot through a court order we obtained, as well as technical action we executed in partnership with telecommunications providers around the world,” wrote Tom Burt, corporate vice president, Customer Security & Trust, at Microsoft, in a Monday posting. “We have now cut off key infrastructure so those operating TrickBot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”
TrickBot is a well-known and sophisticated trojan first developed in 2016 as a banking malware – it has a history of transforming itself and adding new features to evade detection. Moving far beyond its banking roots, it has developed over the years into a full-fledged, module-based crimeware solution typically aimed at attacking corporations and public infrastructure.
Users infected with the TrickBot Trojan will see their device become part of a botnet that can allow attackers to gain complete control of the device. Typical consequences of TrickBot infections are bank account takeover, high-value wire fraud and ransomware attacks. It’s often seen working in concert with Emotet, another concerning and widespread trojan that’s known for its modular design.
“What makes [TrickBot] so dangerous is that it has modular capabilities that constantly evolve, infecting victims for the operators’ purposes through a ‘malware-as-a-service’ model,” Burt said. “Its operators could provide their customers access to infected machines and offer them a delivery mechanism for many forms of malware, including ransomware. Beyond infecting end user computers, TrickBot has also infected a number of Internet of Things devices, such as routers, which has extended TrickBot’s reach into households and organizations.”
Read more: https://threatpost.com/trickbot-takedown...us/160018/