Shadow Botnet Creator Arrested in the Netherlands

The Dutch High Tech Crime Unit arrested a 19-year-old man from the Netherlands, as he was trying to sell the Shadow botnet that he had created to a Brazilian. International special forces, including the F.B.I., are collaborating for the extradition of the South American, who was also arrested, to the U.S.

The botnet spread via Microsoft's Windows Live Messenger, as the New York Times indicated, citing an IDG report, reaching 150,000 machines at its highest peak of activity. Computers were unwillingly pulled into the malicious network, as the threat was hidden into apparently normal messages. Users received messages from someone in their contacts list, which linked to a webpage where they were asked to download a file. After being downloaded on a computer, the malicious software gave hackers a list of account addresses from the victim's list, thus enabling them to enlarge the botnet.

Avoiding the infection was actually in the users' hands, because the malware didn't take advantage of a system vulnerability, but relied on people's lack of attention and on the blind confidence they had in their friends. So, those many people that were unaware of the danger put their computers at the hackers' disposal. The attackers could send spam messages, launch phishing campaigns, or attack certain websites at will.

The Dutch High Tech Crime Unit requested the help of a company specialized in security, namely Kaspersky, which was asked to advise people on how they could pull their machines out of the botnet. Details of how users can remove the malware are given on a Kaspersky webpage that was especially created.

Security Evangelist for Kaspersky Lab Eddy Willems warns that a manual removal may not have the best of results, as the botnet comes with more threats. "These programs may have downloaded additional malware to computers which were part of the botnet. So users should make sure they perform a full scan of their machine using an up-to-date antivirus solution." he says, adding that Kaspersky automatically detects and removes the malicious programs, being one of the most reliable solutions.