Dutch team up with Armenia for Bredolab botnet take down
IDG News Service - Armenian authorities arrested a 27-year-old man on Tuesday on suspicion of running a large botnet that was dismantled after a unique take-down operation by Dutch law enforcement and computer security experts on Monday.
Dutch authorities said they seized dozens of servers used to control the Bredolab botnet, estimated to have infected millions of computers worldwide.
Bredolab is a type of malicious software program that can steal login and password details, log keystrokes, and steal any data from an infected computer. The Dutch High Tech Crime Team, which is part of the National Crime Squad, began investigating the botnet over the summer, according to a press release issued on Monday.
The Bredolab botnet was capable of infecting up to 3 million computers per month. By the end of last year, it was estimated that 3.6 billion spam e-mails were sent out daily containing the Bredolab malware, according to the High Tech Crime Team.
The team said it has disconnected and seized 143 servers used for Bredolab, working with the Dutch Forensic Institute, Govcert.nl, the Dutch computer emergency response team, and the security vendor Fox IT. The 143 servers were part of the network run by LeaseWeb, the largest hosting provider in the Netherlands, and had been hired through one of LeaseWeb's resellers.
The Armenian man was tracked down in a joint effort between Fox IT, which is based in the Netherlands, and Dutch law enforcement. The man is suspected of renting computers that had been infected with Bredolab to cybercrime players in other countries, said Ronald Prins, founder of Fox IT.
For example, a cybercriminal in Spain could rent 100,000 machines infected with Bredolab, then upload their own specific malicious software program to those machines, such as the Zeus online banking malware, Prins said.
The Armenian man had constructed a massive botnet, at one point infecting up to 29 million computers in countries including Italy, Spain, South Africa, the U.S. and the U.K. The Dutch police wanted to disrupt and shut down Bredolab.
"We wanted to take down the botnet," Prins said. "What we also wanted to do was make sure the botnet wouldn't switch over to other infrastructure under his control."
The Dutch police decided to use a tactic they have apparently used before, taking over the computers infected with Bredolab and directing them to servers not under the control of the Armenian. Fox IT helped with that by uploading a "good" bot developed by police to those PCs, Prins said.
The action started about 2 p.m. CET on Monday. Upon opening their Web browser, people with computers infected with Bredolab are now being redirected to a website set up by Govcert.nl, the Computer Emergency Response Team for the Dutch government. The Web page, written in English, warns people that their computer is infected and includes instructions for how people can remove Bredolab.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Binary Option: Neustar SiteProtect Case Study Learn how Neustar helped Top10optionbinaire.com protect against DDoS attacks with SiteProtect DDoS mitigation technology.
- Four Ways DNS Can Accelerate Business Growth This DNS eBook describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Ecommerce Site Needs Protection Against Cyber 'Pirate' Learn how a Neustar customer thwarted 'Blackbeard,' a self-styled DDoS Pirate. Using Neustar SiteProtect, a cloud-based DDoS mitigation service, this everyday IT hero...
- Tales from the Trenches - Industry Risks and Examples of DDoS Watch Neustar experts as they discuss how DDoS impacts technology companies including online gaming, e-commerce and more. All Network Security White Papers | Webcasts