Microsoft disrupted TrickBot and for this it joined its forces with telecomunications providers around the world.
The cooperation began as the US District Court for the Eastern District of Virginia granted the operations.
TrickBot could be the largest threat
Microsoft announced that it took action to disrupt the botnet, as ransomware would be the largest threat to the upcoming electoral day. Also, the action came after the malware managed to evade Windows 10 detection, bypassing User Account Control.
So, Tom Burt, VP for Microsoft, wrote that the company “disrupted TrickBot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers.”
”We have now cut off key infrastructure so those operating TrickBot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems,” he added.
In fact, the order form the US District Court for the Eastern District of Virginia authorised the company to “disable the IP addresses, render the content stored on the command and control servers inaccessible.”
Also, it allowed Microsoft to “suspend all services to the botnet operators”. Moreover, it allowed it block any effort by the TrickBot operators to purchase or lease additional servers.”
Still, the effort doesn’t mean that the threat has ended.
Also, according to Jean-Ian Boutin, head of threat research at ESET, they have been tracking TrickBot for years. In fact, researchers consider TrickBot as one of the most dangerous active malware known at this moment.
“TrickBot is one of the most prevalent banking malware families, and this malware strain represents a threat for internet users globally,” he emphasized.
Also, according to them, TrickBot is “one of the most advanced malware delivery vehicles.”
It appeared in 2016 as a banking malware, but then it has developed into an all-purpose crimeware. It usually targets corporations and its creators develop new ways to deliver malicious payload, all the time.