Trickbot—the for-hire botnet Microsoft attacked—is scrambling to stay alive
It’s still not dead, but thanks to an industrywide effort, it’s currently dormant. …
Operators of Trickbot—a for-hire botnet that has infected more than 1 million devices since 2016—are looking for new ways to stay afloat after Microsoft and a host of industry partners took coordinated action to disrupt it last week.
In an update published on Tuesday, Microsoft Corporate VP for Security & Trust Tom Burt said the operation initially managed to take down 62 of the 69 servers Trickbot was known to be using to control its vast network of infected devices. Trickbot operators responded by quickly spinning up 59 new servers, and Microsoft was able to eliminate all of them except for one.
In all, the industrywide operation has taken down 120 of 128 servers identified as belonging to Trickbot. Now, Trickbot is responding by using a competing criminal group to distribute the Trickbot malware.
Fighting to stay alive
“This is one of many signs that suggests to us that, faced with its critical infrastructure under repeated attack, Trickbot operators are scrambling to find other ways to stay active,” Burt wrote. “While an arrangement with other actors will not enable Trickbot to equal its homegrown capabilities, it’s also a reminder that there are many threats to keeping cyberspace secure and it’s important for people—especially those involved in the security of our electoral processes—to stay vigilant.”
Burt, who has overseen several global botnet takedowns in the past, said the industry is getting better at them. After identifying new Trickbot servers, Microsoft and its partners have been able to locate their respective hosting providers, initiated required legal actions, and taken