In November 2016, the Avalanche botnet was destroyed after a four-year project by an international consortium of law enforcement, commercial, academic, and private organizations.
The malware logged keystrokes, stole passwords and credit card information, and allowed unauthorised remote access to the infected computer.[4]
In October 2009, ICANN, the organisation which manages the assignment of domain names, issued a Situation Awareness Note encouraging registrars to be proactive in dealing with Avalanche attacks.[9]
The UK registry, Nominet, has changed its procedures to make it easier to suspend domains because of attacks by Avalanche.[4]
In April 2009, Interdomain, a Spanish registrar, began requiring a confirmation code delivered by mobile phone, which successfully forced Avalanche to stop registering fraudulent domains with them.[1][4]
On November 30, 2016, the Avalanche botnet was destroyed at the end of a four-year project by INTERPOL, Europol, the Shadowserver Foundation,[10] Eurojust, the Lüneburg (Germany) police, the German Federal Office for Information Security (BSI), the Fraunhofer FKIE, several antivirus companies organized by Symantec, ICANN, CERT, the FBI, and some of the domain registries that had been used by the group.
This allowed it to defeat the fast-flux distributed DNS obfuscation, map the command/control structure[11] of the botnet, and identify its numerous physical servers.