“Uncovering the Secrets of a Malware Gang: How a Security Team Flips the Script”
Gootloader Malware Successfully Blocked by IP Address
The Gootloader malware, capable of taking over a computer’s entire network, has been successfully blocked by a coalition made up of cybersecurity firms and ISPs. The group blocked all internet traffic to certain IP addresses associated with the malware. This prevented users from unwittingly infecting their systems.
The coalition was led by Microsoft’s Digital Crimes Unit (DCU) and included ESET, Lumen’s Black Lotus Labs, NTT, and Symantec. Together, they identified key infrastructure used by the malware and provided a range of private and public sector organizations with evidence to block the associated IP addresses.
While traditional methods of blocking malware, such as antivirus software, are still essential, this coordinated approach is critical in stopping more advanced attacks like the Gootloader malware.
Gootloader first appeared in late 2020 and operates by enticing users to click on a particular link that installs the malware. Once installed, it can take over a user’s computer and use it to download other malware, such as ransomware. Gootloader also avoids detection by using legitimate websites as hosts and encrypting the communication channels between its various components.
For a long-term solution, the coalition is recommending that internet service providers deploy a technique called “BGP blackholing.” This involves blocking all traffic to a specific IP address, rendering it unreachable. This technique should prevent the distribution of malware that uses these IP addresses in the future, effectively neutralizing the threat.
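The blackholing recommendation above amounts to an operational pipeline: take the indicator IP addresses that the coalition shared, validate and collapse them into prefixes, then install routes that discard traffic to those prefixes locally and announce them upstream so providers discard the traffic too. The following Python script is an added illustration of that pipeline; it is not code from the article, Microsoft DCU or any coalition member. The indicator addresses are constructed from the RFC 5737 documentation ranges and are not real Gootloader indicators; the `ip route add blackhole` lines are standard Linux iproute2 syntax, and the BGP announcement is represented as a plain dictionary tagged with the well-known BLACKHOLE community 65535:666 from RFC 7999 rather than as any vendor's router configuration. The size limits (nothing broader than a /24 or /48 is blackholed automatically) are an assumed review threshold, included because discarding traffic to an over-broad prefix takes legitimate hosts offline along with the malware infrastructure.

```python
"""
Added example (not from the article or the coalition's tooling): turn a list of
malware-associated IP addresses into blackhole routes, flag entries that are
too broad to discard automatically, and check whether a destination would be
unreachable once the routes are in place.
"""
import ipaddress
from typing import Iterable

# RFC 7999 well-known BGP community: upstream providers that honour it discard
# all traffic destined to the tagged prefix (remote-triggered blackholing).
BLACKHOLE_COMMUNITY = "65535:666"

# Assumed review threshold: prefixes broader than these are not blackholed
# automatically because the collateral damage could be large.
MIN_PREFIXLEN = {4: 24, 6: 48}

# Constructed sample indicators using RFC 5737 documentation ranges. They stand
# in for the addresses shared with ISPs and are NOT real Gootloader indicators.
SAMPLE_INDICATORS = [
    "192.0.2.10",
    "192.0.2.11",        # adjacent to the previous entry; collapses into a /31
    "198.51.100.0/24",
    "192.0.2.10",        # duplicate, should be deduplicated
    "203.0.0.0/16",      # constructed, deliberately too broad: flagged for review
    "not-an-ip",         # malformed feed entry, should be skipped not fatal
]


def parse_indicators(raw: Iterable[str]):
    """Validate, deduplicate and collapse indicators.

    Returns (accepted, flagged, skipped): accepted prefixes are collapsed into
    the smallest set of networks, flagged ones are too broad for automatic
    blackholing, skipped ones could not be parsed at all.
    """
    by_version = {4: set(), 6: set()}
    flagged, skipped = [], []
    for item in raw:
        item = item.strip()
        if not item:
            continue
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            skipped.append(item)      # keep processing the rest of the feed
            continue
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            flagged.append(net)       # human review required
            continue
        by_version[net.version].add(net)
    accepted = []
    for version in (4, 6):
        # collapse_addresses merges duplicates and adjacent networks, one address
        # family at a time (mixing families raises TypeError).
        accepted.extend(ipaddress.collapse_addresses(by_version[version]))
    return accepted, flagged, skipped


def build_blackhole_routes(prefixes):
    """Produce the local null route and the upstream announcement per prefix.

    The 'ip route' line is valid Linux iproute2 syntax; the BGP announcement is
    an abstract record (prefix plus communities), not a vendor CLI snippet.
    """
    routes = []
    for net in prefixes:
        family_flag = "-6 " if net.version == 6 else ""
        routes.append({
            "prefix": str(net),
            "local_command": f"ip {family_flag}route add blackhole {net}",
            "bgp_announcement": {
                "prefix": str(net),
                "communities": [BLACKHOLE_COMMUNITY],
            },
        })
    return routes


def is_blackholed(destination: str, prefixes) -> bool:
    """True if traffic to destination would be discarded by the installed routes."""
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in prefixes)


if __name__ == "__main__":
    accepted, flagged, skipped = parse_indicators(SAMPLE_INDICATORS)
    for route in build_blackhole_routes(accepted):
        print(route["local_command"], "->", route["bgp_announcement"])
    print("flagged for review:", [str(n) for n in flagged])
    print("skipped (malformed):", skipped)
    for probe in ("192.0.2.11", "198.51.100.77", "192.0.2.12"):
        print(probe, "unreachable" if is_blackholed(probe, accepted) else "reachable")
```

Run as a script it prints the null-route commands, the abstract announcements, and a reachability check for three probe addresses. The collapse step matters in practice: a feed of individual host addresses that happen to be adjacent turns into a handful of announcements, which keeps the upstream route table small, while the prefix-length threshold stops a single over-broad feed entry from blackholing a whole provider's customer space.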
– Gootloader malware has been blocked by a coalition of cybersecurity firms and ISPs, led by Microsoft’s Digital Crimes Unit.
– The group identified key infrastructure used by the malware and provided evidence to block associated IP addresses.
– Gootloader avoids detection by using legitimate websites as hosts and encrypting communication channels between its components.
– To prevent future threats like Gootloader, the coalition recommends the deployment of BGP blackholing techniques by ISPs.