Dutch team up with Armenia for Bredolab botnet take down
IDG News Service - Armenian authorities arrested a 27-year-old man on Tuesday on suspicion of running a large botnet that was dismantled after a unique take-down operation by Dutch law enforcement and computer security experts on Monday.
Dutch authorities said they seized dozens of servers used to control the Bredolab botnet, estimated to have infected millions of computers worldwide.
Bredolab is a type of malicious software program that can steal login and password details, log keystrokes, and steal any data from an infected computer. The Dutch High Tech Crime Team, which is part of the National Crime Squad, began investigating the botnet over the summer, according to a press release issued on Monday.
The Bredolab botnet was capable of infecting up to 3 million computers per month. By the end of last year, it was estimated that 3.6 billion spam e-mails were sent out daily containing the Bredolab malware, according to the High Tech Crime Team.
The team said it has disconnected and seized 143 servers used for Bredolab, working with the Dutch Forensic Institute, Govcert.nl, the Dutch computer emergency response team, and the security vendor Fox IT. The 143 servers were part of the network run by LeaseWeb, the largest hosting provider in the Netherlands, and had been hired through one of LeaseWeb's resellers.
The Armenian man was tracked down in a joint effort between Fox IT, which is based in the Netherlands, and Dutch law enforcement. The man is suspected of renting computers that had been infected with Bredolab to cybercrime players in other countries, said Ronald Prins, founder of Fox IT.
For example, a cybercriminal in Spain could rent 100,000 machines infected with Bredolab, then upload their own specific malicious software program to those machines, such as the Zeus online banking malware, Prins said.
The Armenian man had constructed a massive botnet, at one point infecting up to 29 million computers in countries including Italy, Spain, South Africa, the U.S. and the U.K. The Dutch police wanted to disrupt and shut down Bredolab.
"We wanted to take down the botnet," Prins said. "What we also wanted to do was make sure the botnet wouldn't switch over to other infrastructure under his control."
The Dutch police decided to use a tactic they have apparently used before, taking over the computers infected with Bredolab and directing them to servers not under the control of the Armenian. Fox IT helped with that by uploading a "good" bot developed by police to those PCs, Prins said.
The action started about 2 p.m. CET on Monday. Upon opening their Web browser, people with computers infected with Bredolab are now being redirected to a website set up by Govcert.nl, the Computer Emergency Response Team for the Dutch government. The Web page, written in English, warns people that their computer is infected and includes instructions for how people can remove Bredolab.
- SIP Migration: Addressing CIOs' Concerns Recent data from IDG Research shows that many IT executives are counting on SIP to help them meet employee efficiency and customer experience...
- City Solved Network Mystery - Saves $30K The City of Jacksonville put their hunch to work and not only solved a mystery, but found a new and innovative use for...
- Using Video to Gain a Competitive Advantage: A Business Strategy for Mid-Market Companies The insights provided in this white paper are based on industry analysts and 30+ years of experience from the Video Collaboration Group at...
- Transform IT: Transform the Enterprise This paper provides IT leaders with insight into three IT imperatives that 24 CIOs and senior IT executives used to reposition IT and...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt. All Network Security White Papers | Webcasts