Law enforcement authorities rescued roughly 850,000 machines that were infected with Retadup malware by replacing the command-and-control infrastructure with a disinfection server, causing the worm to self-destruct.

The operation took place last July under the auspices of the French National Gendarmerie's Cybercrime Fighting Center and the FBI, and was significantly aided by researchers at Avast, who had been closely tracking the threat since March.

Discovered in 2017, Retadup is typically coded in either AutoIt or AutoHotkey, self-propagates by dropping malicious LNK files onto connected drives. "The dropped LNK files essentially mimic users' already existing files and they seem to be successful at convincing many of them that they are just benign shortcuts," reads an Avast technical report published today.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.