Softpedia
 


October 26th, 2010, 17:26 GMT · By

Suspected Bredolab Botnet Runner Arrested in Armenia

Armenian authorities yesterday arrested a 27-year-old man at the Yerevan airport on suspicion of creating and running the Bredolab botnet.

The arrest is connected to a recent operation, coordinated by the High Tech Crime Team of the Dutch national police, that was aimed at dismantling the botnet.

Bredolab is known as one of the most prominent threats recorded during the second half of last year and was distributed through drive-by download attacks and rogue emails.

The Armenian taken into custody is believed to have infected as many as 29 million computers worldwide with the trojan.

According to security experts, the botnet, which was one of the largest ever recorded, could send over 3.5 billion emails every day.

The High Tech Crime Team collaborated with the Dutch Forensic Institute, the Computer Emergency Response Team of the Dutch Government (GOVCERT.NL), a security vendor called Fox-IT and LeaseWeb, the largest hosting company in the Netherlands.

The authorities announced the shutdown of 143 Bredolab command and control servers hosted by a LeaseWeb reseller.

The Dutch Public Prosecution Service noted [Google translation] that when the takedown was taking place, the botnet runner tried to regain control of the army of infected computers.

When he realized that he couldn't, he launched a Distributed Denial of Service (DDoS) attack against LeaseWeb from 220,000 computers.

Alex De Joode, head of security at the ISP, told The Guardian that portions of the Bredolab botnet were rented to other cybercriminals.

For example, if a gang wanted to distribute a banking trojan targeting RBS, they could arrange for Bredolab to install it only on computers with UK IP addresses.

Investigators made changes to the Bredolab-infected computers so that when their owners open the browser, they are directed to a special page informing them of what happened and instructing them on how to clean their systems.

So far, over 100,000 users have accessed this page and 55 of them decided to use a special form on the website to file a complaint.
