Bredolab Still Active Despite Massive Takedown
In the last week of October 2010, security experts and Dutch police conducted an elaborate takedown operation against the Bredolab botnet; however, the botnet does not appear to have stopped completely, reports Computerworld, which published the news on October 28, 2010.
During the operation, 143 command-and-control (C&C) servers that served the information-stealing Bredolab botnet were shut down. The botnet is understood to have infected 130m PCs globally. Fox-IT, the Dutch security company, used the malicious network itself to distribute notices to infected victims telling them their computers had been compromised. Moreover, the individual suspected of running the botnet has also been arrested.
In spite of all this, at least two botnet C&C points remain active and are being used to send instructions to infected PCs, claims FireEye's Malware Intelligence Lab.
According to FireEye researcher Atif Mushtaq, after Bredolab infects a computer it directs the machine to connect to specific domains to fetch fresh commands. Computerworld.com published this on October 28, 2010.
Mushtaq explained that one Web domain, tied to an Internet Protocol (IP) address registered in Kazakhstan, was instructing PCs to download bogus anti-virus software known as Antivirusplus. Online crooks have discovered that bogus anti-virus software makes a flourishing commercial venture: once infected, users are tricked into purchasing software that provides little real defense against online attacks, the researcher added.
Another Web domain was instructing PCs infected with Bredolab to send spam. That domain was associated with an IP address registered in Russia.
Commenting on these events, Mushtaq said he was fairly sure that whoever controlled this variant was fully active and was possibly not the individual the Dutch police arrested. Softpedia.com published this on October 29, 2010.
One possible explanation Mushtaq offers for this belief is that the Bredolab source code leaked at some point and somebody is developing custom variants.
He concludes that at least some of the controllers of bot-infected computers remain unconcerned, and sufficiently committed to carrying on their operations, despite the additional scrutiny.
Related article: Bredolab Trojan Distributed via Bogus Shipment E-mails
» SPAMfighter News - 05-11-2010