As part of our commitment to our customers and community, we are continuing to take action to protect orgs from the SolarWinds supply chain attack. 1/5 https://feye.io/3gKoMBp
SUNBURST is the malware that was distributed through SolarWinds software. As part of our analysis of SUNBURST, we identified a killswitch that would prevent SUNBURST from continuing to operate. 2/5
Depending on the IP address returned when the malware resolves avsvmcloud[.]com, under certain conditions, the malware would terminate itself and prevent further execution. We’ve collaborated with @GoDaddy and @Microsoft to deactivate SUNBURST infections. 3/5
This killswitch will affect new & previous SUNBURST infections by disabling SUNBURST deployments that are still beaconing to avsvmcloud[.]com. However, this actor moved quickly to establish additional persistent mechanisms to access victim networks beyond the SUNBURST backdoor. 4/5
This killswitch will not remove the actor from victim networks where they have established other backdoors. However, it will make it more difficult for the actor to leverage the previously distributed versions of SUNBURST. 5/5
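
Because the killswitch does not remove the actor where other backdoors exist, hosts that ever resolved avsvmcloud[.]com still need to be identified for investigation. The following is an added example, not FireEye's code: a Python pass over DNS query logs that lists the clients which looked up the domain or any subdomain of it. The log layout, the sample lines and the function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Domain named in the thread (written there in defanged form).
SUNBURST_DOMAIN = "avsvmcloud.com"

# Constructed sample lines; the "time client qname answer" layout is an assumption.
SAMPLE_LOG = """\
2020-12-10T08:15:02 10.1.4.22 host1.sub.avsvmcloud.com. 198.51.100.7
2020-12-10T08:16:40 10.1.4.30 www.example.com. 203.0.113.10
2020-12-12T21:03:11 10.1.4.22 HOST1.sub.AVSVMCLOUD.COM 198.51.100.7
2020-12-13T02:44:59 10.1.9.5 notavsvmcloud.com. 203.0.113.99
2020-12-16T11:20:00 10.1.7.8 avsvmcloud[.]com 192.0.2.1
malformed line
"""

def normalize(qname):
    """Lower-case, re-fang '[.]' and drop the trailing root dot."""
    return qname.lower().replace("[.]", ".").rstrip(".")

def is_sunburst_name(qname):
    """True for the domain itself or any subdomain, not for look-alike suffixes."""
    name = normalize(qname)
    return name == SUNBURST_DOMAIN or name.endswith("." + SUNBURST_DOMAIN)

def find_beaconing_hosts(log_text):
    """Map client IP -> query count, first/last seen and answers returned."""
    hosts = defaultdict(lambda: {"count": 0, "first": None, "last": None, "answers": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed layout
        ts, client, qname, answer = parts
        if not is_sunburst_name(qname):
            continue
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparseable timestamp
        h = hosts[client]
        h["count"] += 1
        h["first"] = when if h["first"] is None else min(h["first"], when)
        h["last"] = when if h["last"] is None else max(h["last"], when)
        h["answers"].add(answer)
    return dict(hosts)

if __name__ == "__main__":
    for client, info in sorted(find_beaconing_hosts(SAMPLE_LOG).items()):
        print(client, info["count"], info["first"], info["last"], sorted(info["answers"]))
```

A client whose last lookup predates the killswitch is as much in scope for investigation as one still beaconing, since the thread notes the actor established access beyond SUNBURST.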