NEWS FROM THE LAB - Tuesday, October 26, 2010

Bredolab Botnet Shut Down

Posted by Mikko @ 06:06 GMT

The year 2010 is becoming a good year for shutting down big botnets.



Latest case: Bredolab.



The Dutch National Crime Squad has announced a major take-down. The people behind the botnet have not been caught, but the servers (hosted in LeaseWeb IP space) have been taken over, effectively shutting down the botnet.



Bredolab is a large family of complicated, polymorphic trojans. They have been distributed via drive-by downloads and e-mail. Bredolab is known to be connected to e-mail spam campaigns and rogue security products. And the size of the botnet was massive: over 30 million infected computers and close to 150 command & control servers.



Interestingly, the crime squad has announced that they will be sending a warning to infected PCs: "Users of computers with viruses from this network will receive a notice at the time of next login with information on the degree of infection."



So they will probably use the existing botnet infrastructure to send a program to all infected machines, showing them a warning.



This is rarely done because running code on somebody else's computer might be seen as "unauthorized use", possibly making it illegal — although the intentions are obviously good.



Here's a video with more information (Severe warning! It is in Dutch).



Updated to add: The Dutch police are redirecting Bredolab-infected computers to this help page.



Updated to add: A 27-year-old man has been arrested in Armenia. He is under investigation for being one of the operators behind Bredolab.









