The Bredolab botnet, which had infected over 30 million computers worldwide, has been taken down.
The High Tech Crime Team of the Dutch National Crime Squad announced it had disconnected 143 servers which were helping run the botnet and Armenian police have arrested a man believed to be the mastermind.
Investigators determined that the illicit network had the ability to infect three million computers a month. At the end of last year, the team estimated that 3.6 billion emails with Bredolab virus payloads were sent every day to end users.
The criminal operation used services hired in the Netherlands from a reseller of LeaseWeb - one of the biggest hosts in Europe.
LeaseWeb fully cooperated in tackling the botnet and removing its activity from its network.
"On request of the Netherlands police we did not take down the botnet immediately after discovery, but gave the police the opportunity to investigate and deal a lasting blow to this cyber crime organisation," LeaseWeb's security officer Alex de Joode told IT PRO.
"This is a big success. This is one of the largest botnet infrastructures dismantled and one of the few times that the botnet mastermind was also apprehended."
Cyber criminals had used the botnet to steal financial information and other carry out other fraud offences.
The Bredolab virus itself can take complete control over an infected computer and steal data from a user's system.
It also has the ability to copy, change or delete files and other information.
"Bredolab is a large family of complicated, polymorphic Trojans," explained Mikko Hypponen, chief research officer at F-Secure.
"They have been distributed via drive-by-downloads and email. Bredolab is known to be connected to email spam campaigns and rogue security products."
Hypponen claimed in a blog that 2010 "is becoming a good year in shutting down big botnets."
Earlier this year, another mega-botnet in the form of Mariposa was taken down and the suspected criminals behind the operation were arrested.
Read on for our look at the evolution of the botnet and an exploration of past takedowns.
-
Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up stingNews Europol has detained several people believed to be involved in a botnet operation as part of a follow-up to a major takedown last year.
-
Horabot campaign targeted businesses for more than two years before finally being discoveredNews The newly-discovered Horabot botnet has attacked companies in the accounting, investment, and construction sectors in particular
-
Brand-new Emotet campaign socially engineers its way from detectionNews This latest resurgence follows a three-month hiatus and tricks users into re-enabling dangerous VBA macros
-
Microsoft says “it’s just too difficult” to effectively disrupt ransomwareNews The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy
-
Beating the bad bots: Six ways to identify and block spam trafficIn-depth Not all traffic is good. Learn how to prevent bad bots from overrunning your website
-
Ukraine's vigilante IT army now has a DDoS bot to automate attacks against RussiaNews The 270,000-strong IT Army of Ukraine will now combine supporters' cloud infrastructure to strengthen the daily attacks against their invaders
-
Microsoft's secure VBA macro rules already being bypassed by hackersNews Recent analysis of Emotet activity has revealed a shift away from malicious Office documents to drop malware
-
Emotet infrastructure has almost doubled since resurgence was confirmed
News Researchers confirm the infrastructure has also been upgraded for a "better secured", more resilient operation
