Botnet sending Bredolab trojan dismantled; one arrested

Share this article:

Dutch authorities said Tuesday that a 27-year-old Armenian man has been charged as being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide.

News of the arrest comes two days after the Dutch High Tech Crime Team announced that the botnet was dismantled through efforts by a Netherlands-based hosting provider, LeaseWeb; Fox-IT, an internet security firm and the Dutch computer emergency response team, GOVCERT.NL, according to a release from the Dutch Public Ministry. The organizations teamed up to disconnect 143 rogue servers being leveraged by the botnet.

Users whose machines are infected with the Bredolab trojan are now being notified the next time they log-on, and they will be presented with information on how to remove the malware, authorities said. So far, more than 100,000 computers have received the warning.

At its peak, the Bredolab botnet was capable of infecting three million computers per month and distributing some 3.6 billion malware-infested emails per day.

In one attack last year, users of Facebook were targeted in a phishing scam that attempted to trick them into believing their password was reset and were encouraged to click on an attachment, which contained the Bredolab trojan.

Authorities, in a separate release written in Dutch, said Tuesday that the suspect made a last-ditch effort to keep the botnet functioning under his control. When he was unable to, he used 220,000 Bredolab-infected computers to launch a distributed denial-of-service (DDos) attack against LeaseWeb.

Paul Wood, MessageLabs Intelligence senior analyst, said Bredolab typically is distributed via the nearly four-year-old Cutwail, also known as Pushdo, botnet and "is used to drop other malware, spyware, etc. onto infected computers, including other botnet code."

Despite the arrests and takedown, the Bredolab trojan was pushed out in three different spam runs on Tuesday, Wood said in an email to

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.