Trickbot Survives Takedown Attempt

Microsoft and several other tech companies recently joined forces to disrupt the TrickBot botnet, one of the top three most successful Malware-as-a-Service (MaaS) operations in the cybercrime underworld. However, Trickbot apparently survived this takedown operation and is on its way towards a revival.

Survival and revival

The multi-phased approach adopted by Microsoft and several other organizations seized the C&C servers and domains related to the Trickbot botnet. However, Trickbot is apparently continuing to operate.
  • Cyber intelligence firm Intel 471 has noted that TrickBot began moving C&C servers to the EmerDNS decentralized DNS as a way to counter the ongoing takedown attempt.
  • The botnet's infrastructure had recovered and all six Trickbot controllers were seen online and responding recently.
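As an added example, not from the original post, here is a small Python check a defender could run over resolver query logs to spot hosts looking up names in EmerDNS zones (.coin, .emc, .lib, .bazar), which ordinary ICANN resolvers do not serve; the log format and the sample lines are constructed assumptions:

```python
"""Flag DNS queries for EmerDNS blockchain zones in resolver logs.

Added example, not from the original post. Assumes a simple
"timestamp client qname qtype" log format (constructed sample below).
EmerDNS serves the .coin, .emc, .lib and .bazar zones; a host querying
them is either using an alternative resolver on purpose or running
software that expects one, which is worth a look.
"""
from collections import defaultdict

EMERDNS_ZONES = ("coin", "emc", "lib", "bazar")

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2020-10-20T08:01:12Z 10.0.4.17 updates.example.com A
2020-10-20T08:01:15Z 10.0.4.17 sd3.bazar A
2020-10-20T08:01:16Z 10.0.4.17 sd3.bazar AAAA
2020-10-20T08:02:40Z 10.0.5.9 mail.example.com MX
2020-10-20T08:03:02Z 10.0.4.22 ctrl.emc A
2020-10-20T08:03:05Z 10.0.4.22 library.lib A
"""


def is_emerdns_name(qname: str) -> bool:
    """True if the rightmost label is an EmerDNS zone."""
    labels = qname.rstrip(".").lower().split(".")
    return len(labels) >= 2 and labels[-1] in EMERDNS_ZONES


def parse_line(line: str):
    """Split one log line into fields; None if it does not fit the format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, qtype = parts
    return {"ts": ts, "client": client, "qname": qname, "qtype": qtype}


def find_emerdns_queries(log_text: str) -> dict:
    """Return {client_ip: sorted unique EmerDNS names it queried}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_emerdns_name(rec["qname"]):
            hits[rec["client"]].add(rec["qname"].lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_emerdns_queries(SAMPLE_LOG).items():
        print(f"{client}: {', '.join(names)}")
```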

The takedown attempt

  • Microsoft used trademark law in a coordinated legal sneak attack, arguing that Trickbot made malicious use of Microsoft's software code from the standard Windows SDK, in a bid to disrupt the many Trickbot internet servers.
  • Microsoft formed an international group of industry and telecom providers, such as ESET, FS-ISAC, Lumen’s Black Lotus Labs, NTT, Symantec, as well as several ISPs and CERTs around the world, to strengthen its fight against Trickbot.

Not the first action

Earlier this month, the US Cyber Command carried out an operation in an attempt to disrupt the Trickbot botnet.

The closing statement

Even though the takedown attempt was unable to shut down the Trickbot malware completely, it still had a positive impact. This incident signifies that Microsoft's new legal approach could be used for faster crackdowns in the future.