Several institutions have been attacked by a botnet, the Avalanche Botnet, which is drawing attention from security experts due to the uncertainty about its objective and its ties to other threats. Some botnets keep websites that deliver malware and send phishing emails out of sight by concealing them behind the computers belonging to their network, which act as proxies. By concealing their activities, botnets can persist on their network for long periods without being detected. The IRS, in the middle of income tax season, was one of the entities attacked by the Avalanche Ransomware, followed by NACHA (previously known as the National Automated Clearinghouse Association), MySpace, Facebook and others.
A botnet can send commands to the infected machines to perform different tasks, the main one being to collect information. There is nothing complicated in the modus operandi of the Avalanche Botnet. It monitors port 80, and when it detects incoming connections, it collects the data and forwards it to a pre-established server that hosts malware files and phishing pages. Fortunately, removing the Avalanche Botnet, also called MS-Redirect, from an infected computer is not a demanding task. However, since there is a Registry key involved, the recommended removal method is to use an anti-malware application that you trust, which can erase this threat quickly and easily.
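A process that listens on port 80 and also holds outbound connections of its own matches the relay behaviour described above. The following added example (not part of the original article) parses Windows `netstat -ano` output to surface such processes on a machine that should not be serving web traffic; the sample output, the function name and the `allowed_pids` allowlist are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       3184
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:80          198.51.100.7:51544     ESTABLISHED     3184
  TCP    192.0.2.10:49733       203.0.113.25:80        ESTABLISHED     3184
  TCP    192.0.2.10:49801       203.0.113.80:443       ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Proto, local addr:port, foreign addr:port, state, PID (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def find_port80_relays(netstat_text, allowed_pids=frozenset()):
    """Return {pid: {"inbound": [...], "outbound": [...]}} for every process
    that listens on TCP 80 and is not in allowed_pids (hypothetical allowlist
    of PIDs belonging to web servers you expect on this host)."""
    listeners = set()
    conns = defaultdict(lambda: {"inbound": [], "outbound": []})
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        laddr, lport, raddr, rport, state, pid = m.groups()
        lport, pid = int(lport), int(pid)
        if state == "LISTENING" and lport == 80:
            listeners.add(pid)
        elif state == "ESTABLISHED":
            # Local port 80 means a client connected to this host; any other
            # local port is a connection the process itself opened outward.
            side = "inbound" if lport == 80 else "outbound"
            conns[pid][side].append(f"{raddr}:{rport}")
    return {pid: dict(conns[pid]) for pid in sorted(listeners - set(allowed_pids))}

if __name__ == "__main__":
    for pid, c in find_port80_relays(SAMPLE_NETSTAT).items():
        print(f"PID {pid} listens on 80; in={c['inbound']} out={c['outbound']}")
```

On a live Windows host, feed the function the text of `netstat -ano` and map each reported PID to its executable with `tasklist /FI "PID eq <pid>"` before deciding whether the listener is legitimate.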