*I'm sensing the presence of some connected informants here. They seem to be picking off botnet guys who lack Russian protection.
*I wonder why this Russian-Armenian guy's name isn't given. Maybe because they don't intend to prosecute him? Because the Dutch caught him, but the Armenians have him.
http://threatpost.com/en_us/blogs/bredolab-botnet-crackdown-could-have-wide-impact-102610
(...)
"On Tuesday, the Public Ministry said that Armenian authorities had arrested a 27-year-old man believed to be the Bredolab mastermind at the airport in Yerevan, Armenia. Bredolab is a Trojan horse program that has been linked to infections by the Gumblar script downloader, a Web-based attack tool.
"Bredolab infected systems are directly linked to the spread of spam e-mails and malicious file attachments and to identity theft, including banking account compromises and stolen credit cards. At one point, the network numbered more than three million strong and was responsible for 30 million infections and the distribution of 3.6 billion spam e-mails daily. (((They didn't just bust this guy, they analyzed his system in some detail.)))
"Following the take-down, infected computers were redirected to a Web page with instructions on removing the Bredolab Trojan. (((They actually COMMUNICATED with the victims of the botnet by using the seized botnet. That's a first.)))
"The spam messages sent out by the network often contained malicious attachments masquerading as "DHL invoices" for thousands of dollars to trick users into opening the malicious attachment, said Kurt Baumgartner, a senior security researcher at Kaspersky Lab.
"Dutch authorities had been monitoring the Bredolab operation since the summer, when hosting firm LeaseWeb notified authorities that some of their servers were being used as the command and control infrastructure for Bredolab. That investigation led to the alleged botmaster, a dual Russian-Armenian citizen, said Wim De Bruin, spokesman for the National Public Prosecutor's Office in Rotterdam, The Netherlands. (((Way to go, Dutch authorities.)))
"In all, 143 servers were taken offline by LeaseWeb, the Public Office said. Those servers were the core of a global malware distribution hub that encompassed more than just Bredolab, said Baumgartner.
"What ended up getting taken down was really a malware distribution network. Part of that network included what you might package as 'Bredolab Command and Control Servers.' But the Bredolab controllers would install other pieces of malware that would report back to multiple layers of other proxies," he said.
"As a result, the impact of the takedown could be felt far and wide in the anti-malware community, with possible implications for other malware distribution operations. The Bredolab downloader was known to pull down other common malware like Pushdo and Cutwail, Baumgartner said.
"The anti-malware community and law enforcement in a number of countries had their eyes on the network, in part because of the prolific amounts of malware being distributed and the links between Bredolab and attacks on customers of leading financial services firms, he said. (((Got the banks to pay for it. Well, they're the only people left with money.)))
"The action is just the latest high profile and coordinated botnet takedown...."