Russian-Armenian botnet suspect raked in $140,000 a month
IDG News Service - By all measures, Georg Avanesov was very good at his job -- until he was arrested earlier this week.
Just 27 years old, he had amassed a tidy fortune, allegedly running an efficient clandestine network of hacked computers around the world.
Those computers were infected with Bredolab, a piece of malicious software responsible for sending spam, conducting attacks on websites and enabling other cybercriminals to steal money from online bank accounts.
Avanesov allegedly rented and sold part of his botnet, a common business model for those who run the networks. Other cybercriminals can rent the hacked machines for a specific time for their own purposes, such as sending a spam run or mining the PCs for personal details and files, among other nefarious actions.
Dutch prosecutors believe that Avanesov made up to €100,000 ($139,000) a month from renting and selling his botnet just for spam, said Wim De Bruin, spokesman for the Public Prosecution Service in Rotterdam. Avanesov was able to sell parts of the botnet off "because it was very easy for him to extend the botnet again," by infecting more PCs, he said.
Avanesov may have netted more money, in other ways.
"We don't have more financial information about what he did," De Bruin said. "Our investigation was focused on dismantling the network then getting a hold of our main suspect, but this criminal investigation hasn't stopped yet. We hope to get a better picture of the money and his business relationships."
As a result, Avanesov may have made millions in a career spanning more than a decade, according to a source close to law enforcement. He vacationed in the Seychelles with an attractive girlfriend and reportedly even had a side hobby as a DJ, the source said.
But Avanesov is now being held by Armenian authorities after a sting operation earlier this week by Dutch police and computer security experts with help from Russian authorities. He was arrested earlier this week after taking a late flight on Monday night from Moscow to Yerevan, Armenia's capital.
The bust wasn't supposed to happen that way, however, according to the source. Avanesov nearly got away.
Dutch authorities tried to lure Avanesov to Schipol airport near Amsterdam, where police there planned to follow him and wait until he took control of the Bredolab botnet, bust down the door and arrest him on computer hacking charges. He was expected to be on a flight into Schipol but never arrived.
"They [the police] were waiting for him, but he didn't come," according to the source.
In the meantime, the people in control of Bredolab had took noticed something strange was happening with their botnet. Around 2 p.m. CET on Monday, the Dutch High Tech Crime Team began taking over command-and-control servers used to issue instructions to the 29 million infected computers with help from the Dutch Forensic Institute, the Dutch computer emergency response team Govcert, and the security vendor Fox IT.
- SIP Migration: Addressing CIOs' Concerns Recent data from IDG Research shows that many IT executives are counting on SIP to help them meet employee efficiency and customer experience...
- City Solved Network Mystery - Saves $30K The City of Jacksonville put their hunch to work and not only solved a mystery, but found a new and innovative use for...
- Using Video to Gain a Competitive Advantage: A Business Strategy for Mid-Market Companies The insights provided in this white paper are based on industry analysts and 30+ years of experience from the Video Collaboration Group at...
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Network Security White Papers | Webcasts