From F-Secure ...
The Dutch National Crime Squad has announced a major takedown. The people behind the botnet have not been caught, but the servers (hosted in LeaseWeb IP space) have been taken over, effectively shutting down the botnet.
Bredolab is a large family of complicated, polymorphic trojans. They have been distributed via drive-by-downloads and email. Bredolab is known to be connected to email spam campaigns and rogue security products. And the size of the botnet was massive: over 30 million infected computers and close to 150 command & control servers.
Interestingly, the crime squad has announced that they will be sending a warning to infected PCs: "Users of computers with viruses from this network will receive a notice at the time of next login with information on the degree of infection."
So they will probably use the existing botnet infrastructure to send a program to all infected machines, showing them a warning.
This is rarely done because running code on somebody else's computer might be seen as "unauthorized use", possibly making it illegal - although the intentions are obviously good.
Here's a video with more information (Severe warning! It is in Dutch).
Updated to add: The Dutch police is redirecting Bredolab-infected computers to this help page.
Updated to add: A 27-year-old man has been arrested in Armenia. He is under investigation for being one of the operators behind Bredolab.