Massive Bredolab botnet shut down

News
By Tom Brewster
published

Dutch authorities have shut down the Bredolab botnet that had infected over 30 million systems.

Cyber crime

The Bredolab botnet, which had infected over 30 million computers worldwide, has been taken down.

The High Tech Crime Team of the Dutch National Crime Squad announced it had disconnected 143 servers which were helping run the botnet and Armenian police have arrested a man believed to be the mastermind.

Investigators determined that the illicit network had the ability to infect three million computers a month. At the end of last year, the team estimated that 3.6 billion emails with Bredolab virus payloads were sent every day to end users.

The criminal operation used services hired in the Netherlands from a reseller of LeaseWeb - one of the biggest hosts in Europe.

LeaseWeb fully cooperated in tackling the botnet and removing its activity from its network.

"On request of the Netherlands police we did not take down the botnet immediately after discovery, but gave the police the opportunity to investigate and deal a lasting blow to this cyber crime organisation," LeaseWeb's security officer Alex de Joode told IT PRO.

"This is a big success. This is one of the largest botnet infrastructures dismantled and one of the few times that the botnet mastermind was also apprehended."

Cyber criminals had used the botnet to steal financial information and other carry out other fraud offences.

The Bredolab virus itself can take complete control over an infected computer and steal data from a user's system.

It also has the ability to copy, change or delete files and other information.

"Bredolab is a large family of complicated, polymorphic Trojans," explained Mikko Hypponen, chief research officer at F-Secure.

"They have been distributed via drive-by-downloads and email. Bredolab is known to be connected to email spam campaigns and rogue security products."

Hypponen claimed in a blog that 2010 "is becoming a good year in shutting down big botnets."

Earlier this year, another mega-botnet in the form of Mariposa was taken down and the suspected criminals behind the operation were arrested.

Read on for our look at the evolution of the botnet and an exploration of past takedowns.

Tom Brewster
Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.