Welcome to the

AdGuardian Plus Blog


Microsoft disrupted TrickBot ahead of US elections

TrickBot executes malware on the infected machines

Microsoft disrupted TrickBot, joining forces with telecommunications providers around the world to do so.

Thus, huge companies joined Microsoft’s effort: Black Lotus Labs, ESET, FS-ISAC (Financial Services Information Sharing and Analysis Center), and Symantec.

The cooperation began once the US District Court for the Eastern District of Virginia approved the operations.

TrickBot could be the largest threat

Microsoft announced that it took action to disrupt the botnet, as ransomware would be the largest threat to the upcoming election day. The action also came after the malware managed to evade Windows 10 detection by bypassing User Account Control.

So, Tom Burt, VP for Microsoft, wrote that the company “disrupted TrickBot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers.”

“We have now cut off key infrastructure so those operating TrickBot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems,” he added.

In fact, the order from the US District Court for the Eastern District of Virginia authorised the company to “disable the IP addresses, render the content stored on the command and control servers inaccessible.”

It also allowed Microsoft to “suspend all services to the botnet operators”. Moreover, it allowed the company to “block any effort by the TrickBot operators to purchase or lease additional servers.”

Still, the effort doesn’t mean that the threat has ended.

According to Jean-Ian Boutin, head of threat research at ESET, they have been tracking TrickBot for years. In fact, researchers consider TrickBot one of the most dangerous active malware known at this moment.

“TrickBot is one of the most prevalent banking malware families, and this malware strain represents a threat for internet users globally,” he emphasized.

Also, according to them, TrickBot is “one of the most advanced malware delivery vehicles.”

It appeared in 2016 as banking malware, but it has since developed into all-purpose crimeware. It usually targets corporations, and its creators keep developing new ways to deliver malicious payloads.
