Suspected Operator of Bredolab Botnet Detained In Armenia
Authorities in Armenia arrested a 27-year-old Armenian citizen at the country's Yerevan airport on October 25, 2010, on suspicion that he created and ran the Bredolab botnet.
The arrest followed an operation recently coordinated by the Dutch National Police's High Tech Crime Group with the aim of bringing down Bredolab. To catch the cyber-criminal, the group partnered with the Dutch Government's Computer Emergency Response Team, the Dutch Forensic Institute, the security company Fox-IT, and the Netherlands' biggest hosting company, LeaseWeb.
Security researchers described Bredolab as malware capable of stealing passwords and login details, recording keystrokes, and grabbing any data stored on an infected PC.
The Bredolab botnet had been infecting up to 3m PCs every month. By the end of 2009, it was sending an estimated 3.6bn spam emails a day carrying the Bredolab Trojan, the High Tech Crime Group stated.
According to a statement by the Dutch team, 143 Bredolab C&C (command-and-control) systems hosted by LeaseWeb were shut down. The group added that during the shutdown the botnet operator tried to regain control of the infected PCs he had accumulated, and when that failed, he launched a DDoS (Distributed Denial-of-Service) attack on LeaseWeb from 220,000 PCs.
Alex De Joode, Head of Security at the ISP LeaseWeb, said the Bredolab operator rented out segments of the botnet to other online criminals, Softpedia.com reported on October 26, 2010.
De Joode further explained that the botnet was essentially a factory or supplier of, say, 10,000 infections across the United Kingdom. With it, an online criminal could upload a PC Trojan that targeted RBS or other banks, or attack Internet Protocol addresses registered in Britain, he added, Guardian.co.uk reported on October 26, 2010.
Commenting on Bredolab, Rik Ferguson, Senior Security Advisor at Trend Micro, stated that his analysts' examination traced Bredolab's origin to Russia. In his view the botnet was really an international criminal distribution network, Guardian.co.uk reported.
SPAMfighter News - 08-11-2010