Dutch authorities announced that a 27-year-old Armenian man has been charged in connection with being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide.
News of the arrest comes two days after the Dutch High Tech Crime Team announced that the botnet was dismantled through efforts by Netherlands-based hosting provider LeaseWeb, internet security firm Fox-IT, and the Dutch computer emergency response team, GOVCERT.NL. The organisations teamed up to disconnect 143 rogue servers being leveraged by the botnet.
Users whose machines are infected with the Bredolab trojan are now being notified the next time they log on, and they will be presented with information on how to remove the malware, authorities said. So far, more than 100,000 computers have received the warning.
At its peak, the Bredolab botnet was capable of infecting three million computers per month and distributing some 3.6 billion malware-infested emails per day.
In one attack last year, users of Facebook were targeted in a phishing scam that attempted to trick them into believing their password had been reset and encouraged them to click on an attachment, which contained the Bredolab trojan.
Authorities also said that the suspect made a last-ditch effort to keep the botnet functioning under his control. When he was unable to, he used 220,000 Bredolab-infected computers to launch a distributed denial-of-service (DDoS) attack against LeaseWeb.
Paul Wood, MessageLabs Intelligence senior analyst, said Bredolab typically is distributed via the nearly four-year-old Cutwail, also known as Pushdo, botnet and "is used to drop other malware, spyware, etc. onto infected computers, including other botnet code."
Despite the arrests and takedown, the Bredolab trojan was pushed out in three different spam runs earlier this week, Wood said in an email to SCMagazineUS.com.
See original article on scmagazineus.com
Botnet sending Bredolab trojan dismantled, one arrested
Dutch team behind take-down.