Botnet sending Bredolab trojan dismantled; one arrested


Dutch authorities said Tuesday that a 27-year-old Armenian man has been charged as being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide.

News of the arrest comes two days after the Dutch High Tech Crime Team announced that the botnet was dismantled through the efforts of a Netherlands-based hosting provider, LeaseWeb; Fox-IT, an internet security firm; and the Dutch computer emergency response team, GOVCERT.NL, according to a release from the Dutch Public Ministry. The organizations teamed up to disconnect 143 rogue servers being leveraged by the botnet.

Users whose machines are infected with the Bredolab trojan are now being notified the next time they log on, and they will be presented with information on how to remove the malware, authorities said. So far, more than 100,000 computers have received the warning.

At its peak, the Bredolab botnet was capable of infecting three million computers per month and distributing some 3.6 billion malware-infested emails per day.

In one attack last year, users of Facebook were targeted in a phishing scam that attempted to trick them into believing their password had been reset and encouraged them to open an attachment, which contained the Bredolab trojan.

Authorities, in a separate release written in Dutch, said Tuesday that the suspect made a last-ditch effort to keep the botnet functioning under his control. When he was unable to, he used 220,000 Bredolab-infected computers to launch a distributed denial-of-service (DDoS) attack against LeaseWeb.

Paul Wood, MessageLabs Intelligence senior analyst, said Bredolab typically is distributed via the Cutwail botnet, also known as Pushdo, which is nearly four years old, and "is used to drop other malware, spyware, etc. onto infected computers, including other botnet code."

Despite the arrests and takedown, the Bredolab trojan was pushed out in three different spam runs on Tuesday, Wood said in an email to SCMagazineUS.com.
