Dutch High Tech Crime Team shuts down Bredolab botnet!

erikloman · Oct 25, 2010

The High Tech Crime Team (THTC) of the National Crime Squad today announced the takedown of a dangerous botnet. The botnet had infected at least 30 million computers worldwide. The botnet was part of the Bredolab network, used by cybercriminals to distribute malware to unsuspecting users’ computers.

Working in close collaboration with a Dutch hosting provider; the Dutch Forensic Institute (NFI), the internet security company GOVCERT.NL and Fox IT, the Dutch computer emergency response team has now seized and disconnected 143 computer servers from the internet.
Click to expand...

http://www.om.nl/actueel/nieuws-_en/@154338/dutch_national_crime/

FanJ · Oct 25, 2010

http://www.om.nl/actueel/nieuws-_en/@154338/dutch_national_crime/

The botnet network used servers hired in the Netherlands from a reseller of LeaseWeb, which is the largest hosting provider in the Netherlands, and one of the largest hosts in Europe. LeaseWeb fully cooperated in eradicating the issue from its network, as part of its Community Outreach program.
Click to expand...

Maybe the question might be asked why this server farm didn't detect this earlier.

CloneRanger · Oct 27, 2010

Is my computer infected?

What is my computer infected with?

Your computer is, at a minimum, infected with a piece of malicious software called Bredolab. One of Bredolab's primary functions is to spread other malicious software - it is a so-called dropper.

In addition, your computer is very likely to be infected with multiple other pieces of malicious software.
Click to expand...

https://www.waarschuwingsdienst.nl/Risicos/Virussen en malware/Ontmanteling Bredolab.html

Quick get help

MrBrian · Oct 27, 2010

Bredolab Takedown, Another Win for Collaboration

JRViejo · Oct 27, 2010

Re: Is my computer infected?

Dutch authorities say more arrests related to the Bredolab botnet may occur as investigators continue to examine the business arrangements behind the cybercrime operation.

One arrest was made on Tuesday by Armenian police of a 27-year-old man accused of being the mastermind behind Bredolab, which included as many as 29 million compromised computers worldwide. The man, who was not identified, was nabbed after returning from Moscow to Armenia's capital, Yerevan. Security experts say the man rented out time on his botnet to other cybercrime players.
Click to expand...

Dutch Prosecutors Say More Bredolab Arrests May Occur by Jeremy Kirk.

Baserk · Oct 28, 2010

FanJ said:

Maybe the question might be asked why this server farm didn't detect this earlier.
Click to expand...

They seem to rely (mainly?) on their Community Outreach Project

'Security officer at LeaseWeb speaks about the Bredolab botnet's takedown' (link)

JRViejo · Oct 28, 2010

Merged Threads to continue same topic!

JRViejo · Oct 28, 2010

The latest look at the botnet by FireEye's Malware Intelligence Lab shows that two domains are being used to issue instructions to infected computers. PCs that are infected with Bredolab are programmed check in with certain domains in order to receive new commands, wrote Atif Mushtaq, of FireEye.

One domain, which is on an IP (Internet protocol) address registered with a collocation facility in Kazakhstan, is telling infected computers to download a fake antivirus program called Antivirusplus, Mushtaq said. Cybercriminals have found that fake antivirus programs can be a thriving business. If infected, users are badgered to buy the programs, which offer little or no actual protection from threats on the Internet.

The other domain is instructing computers compromised with Bredolab to send spam. That domain is hosted on an IP address assigned to a collocation facility in Russia.
Click to expand...

Bredolab-infected PCs downloading fake antivirus software by Jeremy Kirk.

MrBrian · Oct 28, 2010

Did Dutch police break the law taking down a botnet?

FanJ · Oct 29, 2010

MrBrian said:

Did Dutch police break the law taking down a botnet?
Click to expand...

F-Secure weblog

Some quotes:

Interestingly, the crime squad has announced that they will be sending a warning to infected PCs: "Users of computers with viruses from this network will receive a notice of at the time of next login with information on the degree of infection."

So they will probably use the existing botnet infrastructure to send a program to all infected machines, showing them a warning.

This is rarely done because running code on somebody else's computer might be seen as "unauthorized use", possibly making it illegal - although the intentions are obviously good.
Click to expand...

Log in or Sign up

Dutch High Tech Crime Team shuts down Bredolab botnet!

erikloman Developer

FanJ Updates Team

CloneRanger Registered Member

MrBrian Registered Member

JRViejo Super Moderator

Baserk Registered Member

JRViejo Super Moderator

JRViejo Super Moderator

MrBrian Registered Member

FanJ Updates Team

Log in or Sign up

Dutch High Tech Crime Team shuts down Bredolab botnet!

erikloman Developer

FanJ Updates Team

CloneRanger Registered Member

MrBrian Registered Member

JRViejo Super Moderator

Baserk Registered Member

JRViejo Super Moderator

JRViejo Super Moderator

MrBrian Registered Member

FanJ Updates Team

Useful Searches