Skip the navigation

Russian-Armenian botnet suspect raked in $140,000 a month

By Jeremy Kirk
October 29, 2010 01:30 PM ET

IDG News Service - By all measures, Georg Avanesov was very good at his job -- until he was arrested earlier this week.

Just 27 years old, he had amassed a tidy fortune, allegedly running an efficient clandestine network of hacked computers around the world.

Those computers were infected with Bredolab, a piece of malicious software responsible for sending spam, conducting attacks on websites and enabling other cybercriminals to steal money from online bank accounts.

Avanesov allegedly rented and sold part of his botnet, a common business model for those who run the networks. Other cybercriminals can rent the hacked machines for a specific time for their own purposes, such as sending a spam run or mining the PCs for personal details and files, among other nefarious actions.

Dutch prosecutors believe that Avanesov made up to €100,000 ($139,000) a month from renting and selling his botnet just for spam, said Wim De Bruin, spokesman for the Public Prosecution Service in Rotterdam. Avanesov was able to sell parts of the botnet off "because it was very easy for him to extend the botnet again," by infecting more PCs, he said.

Avanesov may have netted more money, in other ways.

"We don't have more financial information about what he did," De Bruin said. "Our investigation was focused on dismantling the network then getting a hold of our main suspect, but this criminal investigation hasn't stopped yet. We hope to get a better picture of the money and his business relationships."

As a result, Avanesov may have made millions in a career spanning more than a decade, according to a source close to law enforcement. He vacationed in the Seychelles with an attractive girlfriend and reportedly even had a side hobby as a DJ, the source said.

But Avanesov is now being held by Armenian authorities after a sting operation earlier this week by Dutch police and computer security experts with help from Russian authorities. He was arrested earlier this week after taking a late flight on Monday night from Moscow to Yerevan, Armenia's capital.

The bust wasn't supposed to happen that way, however, according to the source. Avanesov nearly got away.

Dutch authorities tried to lure Avanesov to Schipol airport near Amsterdam, where police there planned to follow him and wait until he took control of the Bredolab botnet, bust down the door and arrest him on computer hacking charges. He was expected to be on a flight into Schipol but never arrived.

"They [the police] were waiting for him, but he didn't come," according to the source.

In the meantime, the people in control of Bredolab had took noticed something strange was happening with their botnet. Around 2 p.m. CET on Monday, the Dutch High Tech Crime Team began taking over command-and-control servers used to issue instructions to the 29 million infected computers with help from the Dutch Forensic Institute, the Dutch computer emergency response team Govcert, and the security vendor Fox IT.

Reprinted with permission from Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies