Botnet sending Bredolab trojan dismantled; one arrested
Dutch authorities said Tuesday that a 27-year-old Armenian man has been charged as being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide.
News of the arrest comes two days after the Dutch High Tech Crime Team announced that the botnet was dismantled through efforts by a Netherlands-based hosting provider, LeaseWeb; Fox-IT, an internet security firm and the Dutch computer emergency response team, GOVCERT.NL, according to a release from the Dutch Public Ministry. The organizations teamed up to disconnect 143 rogue servers being leveraged by the botnet.
Users whose machines are infected with the Bredolab trojan are now being notified the next time they log-on, and they will be presented with information on how to remove the malware, authorities said. So far, more than 100,000 computers have received the warning.
At its peak, the Bredolab botnet was capable of infecting three million computers per month and distributing some 3.6 billion malware-infested emails per day.
In one attack last year, users of Facebook were targeted in a phishing scam that attempted to trick them into believing their password was reset and were encouraged to click on an attachment, which contained the Bredolab trojan.
Authorities, in a separate release written in Dutch, said Tuesday that the suspect made a last-ditch effort to keep the botnet functioning under his control. When he was unable to, he used 220,000 Bredolab-infected computers to launch a distributed denial-of-service (DDos) attack against LeaseWeb.
Paul Wood, MessageLabs Intelligence senior analyst, said Bredolab typically is distributed via the nearly four-year-old Cutwail, also known as Pushdo, botnet and "is used to drop other malware, spyware, etc. onto infected computers, including other botnet code."
Despite the arrests and takedown, the Bredolab trojan was pushed out in three different spam runs on Tuesday, Wood said in an email to SCMagazineUS.com.