BredoLab botnet

The BredoLab Botnet, also known by its alias Oficla,[1] was a Russian-founded[2] botnet mostly involved in viral e-mail spam. Before the botnet was eventually dismantled in November 2010 through the seizure of 143 command and control servers, it was estimated to consist of around 30 million zombie computers.[3][4][5]

Operations

Though the earliest reports surrounding the BredoLab botnet originate from May 2009 (when the first malware samples of the Bredolab trojan horse were found), the botnet itself did not rise to prominence until August 2009, when there was a major surge in its size.[6][7] BredoLab's main form of propagation was sending malicious e-mails with malware attachments that infected a computer when opened, effectively turning that computer into another zombie controlled by the botnet. At its peak, the botnet was capable of sending 3.6 billion viral e-mails every day.[8] The other main form of propagation was drive-by downloads, a method that exploits security vulnerabilities in software. This method allowed the botnet to bypass software protection in order to deliver downloads without the user being aware of them.[9]

The main income of the botnet was generated by leasing parts of the botnet to third parties, who could then use the infected systems for their own purposes; security researchers estimate that the owner of the botnet made up to $139,000 a month from botnet-related activities.[4][10][11] Because of this rental business strategy, the payload of Bredolab has been very diverse, ranging from scareware to malware and e-mail spam.[12]

Dismantling and aftermath

On 25 October 2010, a team of Dutch law enforcement agents seized control of 143 command and control servers rented from LeaseWeb[8] (an internet hosting service company), effectively removing the botnet herder's ability to control the botnet centrally.[2][12][13] In an attempt to regain control of his botnet, the botnet herder used 220,000 computers that were still under his control to launch a DDoS attack on LeaseWeb servers, though these attempts were ultimately in vain.[14] After taking control of the botnet, the law enforcement team used the botnet itself to send a message to the owners of infected computers, stating that their computer was part of the botnet.[8][15]

Subsequently, Armenian law enforcement officers arrested an Armenian citizen[4][16] suspected of being the mastermind behind the botnet. The suspect denied any involvement in the botnet.[11][12]

While the seizure of the command and control servers severely disrupted the botnet's ability to operate,[17] the botnet itself is still partly intact, with command and control servers still present in Russia and Kazakhstan.[15] Security firm FireEye believes that a secondary group of botnet herders has taken over the remaining part of the botnet for their own purposes, possibly a previous client who reverse engineered parts of the original botnet creator's code. Even so, the group noted that the botnet's size and capacity have been severely reduced by the law enforcement intervention.[10][18]

Wikimedia Foundation. 2010.
