Dutch authorities have successfully disabled a huge malware-distributing botnet and brought about the arrest of its suspected mastermind in Armenia.
Known as Bredolab, the network comprised hundreds of thousands of compromised computers at any one time. Cybercriminals could rent the botnet and use it to distribute malware that captured sensitive user data, such as online banking log-ins and passwords.
Bredolab was controlled via servers rented from hosting provider Leaseweb in the Netherlands, which says it was first alerted by police in August 2010. The company was told to keep the servers running while a full investigation was conducted.
Law enforcement agencies in the Netherlands took action this week to shut down 143 command and control servers. On the orders of Dutch police, an unnamed 27-year-old man was then arrested by Armenian authorities on Tuesday at Zvartnots International Airport in the capital, Yerevan.
It is estimated that the Bredolab network may have infected up to 30 million computers worldwide in less than 18 months. While police attempted to disarm the botnet, the suspect made a last-ditch attack on Leaseweb.
"During the take-down of the Bredolab network at a Dutch hosting provider, the suspect made several attempts to take back control of the botnet," police said in a statement. "When his efforts failed, he made a massive attack with 220,000 infected computers on the hosting provider. This attack, called DDoS (distributed denial-of-service), was terminated after three computer servers in Paris used by the suspect were disconnected from the Internet."
The police say they have already warned approximately 100,000 people that their PCs may have been compromised at some stage.