The Dutch High Tech Crime Unit has arrested a 19-year-old man and his 16-year-old brother and charged them with operating (and attempting to sell) the Shadow botnet. Shadow was created by the two brothers, and is currently thought to infect some 100,000 machines, down from a peak of 150,000. Shadow appears to have been mostly confined to the Netherlands, as the messages and phishing hooks were all sent in Dutch, but it had apparently infected some US systems as well, as the FBI is credited with assisting on the case.

The arrests actually occurred several weeks ago, on July 29, but it's what happened afterwards that has made this situation interesting. Instead of simply shutting the botnet down, the High Tech Crime Unit took control of it. Once Shadow was secured, the police contacted Kaspersky Labs about providing a means to neutralize the malware. Kaspersky has made their fix public, and will also deploy the instructions over the Shadow botnet itself.

Reaching out to infected users and notifying them that they are, in fact, infected is a new twist, and it uses the spammers' own work against them. As for Shadow, there's nothing particularly special about it. The two creators initially infected users through Microsoft's Windows Live Messenger service. Victims received a message purporting to be from a friend. The message contained a link, the link wanted to download a file... we all know the drill. Once in place, Shadow collected all the instant messenger contacts it could get its hands on and relayed them back to the command and control (C&C) server.

The success of the Shadow botnet takedown lends credence to the speech Rod Beckstrom gave at Black Hat just last week. Speaking at the conference, Beckstrom highlighted the need for cooperation between companies, individuals, and the government itself when it comes to defining and deploying the best security practices. This particular case is the second high-profile, international action we've seen so far this year and a further example of how cooperation at all levels is an effective weapon in the ongoing fight against malware.

Further reading:

WAVCi: "Kaspersky Labs helps Dutch police dismantle Shadow botnet"