Dutch police shut down Bredolab botnet

The Bredolab takedown includes an effort to redirect about 30 million infected Windows computers to a special website with instructions and assistance to remove the malware.

The beheading of the botnet has raised legal questions (code had to be uploaded to infected machines to handle the redirection to a clean-up site) but many argue that this is the kind of collaboration necessary to effectively counter the botnet menace.

According to the Dutch authorities, the botnet used servers hired in the Netherlands from a reseller of LeaseWeb, which is the largest hosting provider in the Netherlands, and one of the largest hosts in Europe.

LeaseWeb fully cooperated in eradicating the issue from its network, as part of its Community Outreach program. The Dutch High Tech Crime Team discovered this botnet system in the late summer. During its investigation, the Team determined that the network was capable of infecting 3 million computers a month. At the end of 2009 it was estimated that 3.6 billion emails with Bredolab virus payloads were sent daily to unsuspecting computer users.

Here is the website that automatically launches when an infected user logs on to the internet.  It included background information on the threat and links to four free anti-virus scanners to help with disinfection.