Microsoft today announced that it disrupted the Trickbot botnet, one of the world’s most infamous botnets, which distributes ransomware. Trickbot has infected over a million devices since late 2016. Microsoft worked with network operators around the world to take down key Trickbot infrastructure so that the malware operators can no longer use it to distribute malware or ransomware.
Trickbot is not simple malware that any free anti-virus software can detect; it constantly evolves on the affected device. Trickbot is multi-stage malware typically composed of a wrapper, a loader, and a main malware module. The wrapper uses multiple templates that constantly change and is designed to evade detection by producing unique samples, even if the main malware code remains the same. You can read about Trickbot in detail here.