Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Dutch police shut down Bredolab botnet

By Ryan Naraine | October 27, 2010, 8:49am PDT

Summary: Law enforcement officials in the Netherlands have seized and disconnected 143 servers linked to the dangerous Bredolab botnet.

Law enforcement officials in the Netherlands have seized and disconnected 143 servers linked to the dangerous Bredolab botnet.

The Bredolab takedown includes an effort to redirect about 30 million infected Windows computers to a special website with instructions and assistance to remove the malware.

The beheading of the botnet has raised legal questions (code had to be uploaded to infected machines to handle the redirection to a clean-up site) but many argue that this is the kind of collaboration necessary to effectively counter the botnet menace.

According to the Dutch authorities, the botnet used servers hired in the Netherlands from a reseller of LeaseWeb, which is the largest hosting provider in the Netherlands, and one of the largest hosts in Europe.

LeaseWeb fully cooperated in eradicating the issue from its network, as part of its Community Outreach program. The Dutch High Tech Crime Team discovered this botnet system in the late summer. During its investigation, the Team determined that the network was capable of infecting 3 million computers a month. At the end of 2009 it was estimated that 3.6 billion emails with Bredolab virus payloads were sent daily to unsuspecting computer users.

Here is the website that automatically launches when an infected user logs on to the internet. It includes background information on the threat and links to four free anti-virus scanners to help with disinfection.

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

18 Comments

NICE... nothing like a good botnet take down!
Been_Done_Before 27th Oct 2010
but did they really take it offline or just hijack it?
0 Votes
RE: Dutch police shut down Bredolab botnet
Agnostic_OS 27th Oct 2010
Excellent news! Thanks Ryan for some good news.

As to the legality of redirecting users' PCs, I believe that Holland, like most EU countries, has laws to stop ISPs from knowingly allowing malware propagation, so for the users the clean-up option is preferred over disconnection.
0 Votes
RE: Dutch police shut down Bredolab botnet
deltadan Updated - 27th Oct 2010
(1) The article states "143 servers seized" -- that's not "hijacking."

(2) Only the referenced ISP & servers were located in NL. The "30 million infected computers" receiving the removal payload were/are scattered all-over the world, & thus governed by multiple jurisdictions where the Dutch have no authority...
0 Votes
Your search is redirected. How do you know whether or not you've been redirected to a legitimate site? Couldn't the bad guys also redirect you to their site?
0 Votes
I do not care
0 Votes
'bout time.
0 Votes
RE: Dutch police shut down Bredolab botnet
windozefreak 27th Oct 2010
This is very good news. When law abiding companies work together with law enforcement, the crooks don't have a chance.
0 Votes
RE: Dutch police shut down Bredolab botnet
arthur_rogers90@... 28th Oct 2010
Yea, that's what they call in the vernacular a Dutch Treat; "Lend us your computer and we'll send you an e-mail!"

Art?
0 Votes