Botnet sending Bredolab trojan dismantled; one arrested

Dutch authorities said Tuesday that a 27-year-old Armenian man has been charged as being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide.

News of the arrest comes two days after the Dutch High Tech Crime Team announced that the botnet was dismantled through efforts by a Netherlands-based hosting provider, LeaseWeb; Fox-IT, an internet security firm; and the Dutch computer emergency response team, GOVCERT.NL, according to a release from the Dutch Public Ministry. The organizations teamed up to disconnect 143 rogue servers being leveraged by the botnet.

Users whose machines are infected with the Bredolab trojan are now being notified the next time they log on, and they will be presented with information on how to remove the malware, authorities said. So far, more than 100,000 computers have received the warning.

At its peak, the Bredolab botnet was capable of infecting three million computers per month and distributing some 3.6 billion malware-infested emails per day.

In one attack last year, Facebook users were targeted in a phishing scam that attempted to trick them into believing their password had been reset and encouraged them to click on an attachment, which contained the Bredolab trojan.

Authorities, in a separate release written in Dutch, said Tuesday that the suspect made a last-ditch effort to keep the botnet functioning under his control. When he was unable to, he used 220,000 Bredolab-infected computers to launch a distributed denial-of-service (DDoS) attack against LeaseWeb.

Paul Wood, MessageLabs Intelligence senior analyst, said Bredolab typically is distributed via the nearly four-year-old Cutwail, also known as Pushdo, botnet and "is used to drop other malware, spyware, etc. onto infected computers, including other botnet code."

Despite the arrests and takedown, the Bredolab trojan was pushed out in three different spam runs on Tuesday, Wood said in an email to SCMagazineUS.com.
