Oct 26, 2010 06:27 GMT

The Dutch National Police Services Agency (KLPD) closed down 143 computer servers hosted in the country and associated with the Bredolab gang's pay-per-install operations.

Bredolab is a downloader-type trojan serving as a malware distribution platform and was one of the most prominent threats during the last half of 2009 and the beginning of this year.

The trojan spreads via drive-by attacks – exploit kits targeting vulnerabilities in outdated versions of popular applications – and socially engineered infected emails.

Bredolab emails pose as official communications from a number of popular services and organizations, such as Facebook, MySpace, UPS, Western Union, Amazon and others.

Computers infected with this trojan join together in a botnet and contact command and control servers, from which they receive instructions on what files to download and execute.

Most of the time, Bredolab distributes rogue antivirus software (scareware), but it is also known to install Pushdo, another downloader associated with the Cutwail spam botnet.

The servers were hosted by a reseller of LeaseWeb, the largest Web hosting company in the Netherlands, which collaborated in the investigation with the KLPD High Tech Crime Team (THCT), the Dutch Forensic Institute, the Computer Emergency Response Team of the Dutch Government (GOVCERT.NL) and a security vendor called Fox-IT.

The Dutch attorney general describes Bredolab as a high-risk and aggressive threat, and according to the THCT, during a single month this summer the trojan infected over three million computers.

According to a press release from Fox-IT, the owners of affected computers, which connected to the 143 servers, will receive a notification the next time they log into their systems.

The message was put there by the authorities and contains information on how to clean Bredolab, as well as other threats.

The investigators believe that the gang behind the trojan operates from somewhere in Eastern Europe, like most cybercriminal rings.