People outside of Microsoft agreed that the takedown appears to be achieving results. Marcus Hutchins, a researcher who closely follows botnets, said that Trickbot has two classes of servers. Command servers update configurations and send commands, while plugin servers download modular tools used for things like bank fraud, infecting new computers, or sending spam.
Even a single command server can rapidly tell all infected computers where to find new control servers, so the partial takedown of them isn’t much of a body blow, Hutchins said. In fact, in the hours leading up to the publishing of this post, the botnet
Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users’ social media accounts thanks to malware its new owner introduced a few weeks ago, according to technical analyses and posts on Github.
Hugo Xu, developer of the Nano Adblocker and Nano Defender extensions, said 17 days ago that he no longer had the time to maintain the project and had sold the rights to the versions available in Google’s Chrome Web Store. Xu told me that Nano Adblocker and Nano Defender, which often are installed together, have