Dutch team up with Armenia for Bredolab botnet take down
IDG News Service - Armenian authorities arrested a 27-year-old man on Tuesday on suspicion of running a large botnet that was dismantled after a unique take-down operation by Dutch law enforcement and computer security experts on Monday.
Dutch authorities said they seized dozens of servers used to control the Bredolab botnet, estimated to have infected millions of computers worldwide.
Bredolab is a type of malicious software program that can steal login and password details, log keystrokes, and steal any data from an infected computer. The Dutch High Tech Crime Team, which is part of the National Crime Squad, began investigating the botnet over the summer, according to a press release issued on Monday.
The Bredolab botnet was capable of infecting up to 3 million computers per month. By the end of last year, it was estimated that 3.6 billion spam e-mails were sent out daily containing the Bredolab malware, according to the High Tech Crime Team.
The team said it has disconnected and seized 143 servers used for Bredolab, working with the Dutch Forensic Institute, Govcert.nl, the Dutch computer emergency response team, and the security vendor Fox IT. The 143 servers were part of the network run by LeaseWeb, the largest hosting provider in the Netherlands, and had been hired through one of LeaseWeb's resellers.
The Armenian man was tracked down in a joint effort between Fox IT, which is based in the Netherlands, and Dutch law enforcement. The man is suspected of renting computers that had been infected with Bredolab to cybercrime players in other countries, said Ronald Prins, founder of Fox IT.
For example, a cybercriminal in Spain could rent 100,000 machines infected with Bredolab, then upload their own specific malicious software program to those machines, such as the Zeus online banking malware, Prins said.
The Armenian man had constructed a massive botnet, at one point infecting up to 29 million computers in countries including Italy, Spain, South Africa, the U.S. and the U.K. The Dutch police wanted to disrupt and shut down Bredolab.
"We wanted to take down the botnet," Prins said. "What we also wanted to do was make sure the botnet wouldn't switch over to other infrastructure under his control."
The Dutch police decided to use a tactic they have apparently used before, taking over the computers infected with Bredolab and directing them to servers not under the control of the Armenian. Fox IT helped with that by uploading a "good" bot developed by police to those PCs, Prins said.
The action started about 2 p.m. CET on Monday. Upon opening their Web browser, people with computers infected with Bredolab are now being redirected to a website set up by Govcert.nl, the Computer Emergency Response Team for the Dutch government. The Web page, written in English, warns people that their computer is infected and includes instructions for how people can remove Bredolab.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses
- IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center
- IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results
- Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data
- HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data... All Government IT White Papers
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- All Government IT Webcasts