BREDOLAB: JAIL FOR MAN WHO MASTERMINDED BOTNET OF 30 MILLION COMPUTERS
Graham Cluley
Naked Security
http://nakedsecurity.sophos.com/2012/05/23/bredolab-jail-botnet/
May 23 2012
A man who was in command of a botnet of some 30 million computers
worldwide has been sentenced to four years jail in Armenia.
According to prosecutors, Georg Avanesov was earning 100,000 Euros
(£80,000 or $125,000) a month from his Bredolab botnet business,
renting out access to the compromised computers to criminals who wanted
to send out spam, and spread malware and fake anti-virus attacks.
The criminal income allowed the hacker to live a pretty lavish
lifestyle by all reports, as he jetted off to the Seychelles with
his attractive girlfriend and fancied himself as a DJ.
At its peak, it is estimated that Avanesov's botnet was spewing out
over 3 billion infected emails every day.
Avanesov's comeuppance began in October 2010, when Dutch police
announced that they had wrested control of 143 Bredolab botnet command
& control servers, and were using them to display a warning to infected
computer users.
The very next day, the botmaster was arrested by the authorities
as he arrived on a late night flight from Moscow to Yerevan Airport
in Armenia.
Georg Avanesov - a Russian citizen of Armenian descent - didn't mind
selling off access to his botnet, because he found it so easy to
expand it by hijacking even more computers.
Legitimate websites were hacked to spread malicious payloads that
infected visiting computers and recruited them into the botnet, and
further malware would be installed which stole usernames and passwords
to FTP accounts. This would inevitably result in even more websites
becoming infected.
(There's an important lesson for website administrators to learn here.
Don't tell your FTP software to remember your passwords, because if
they are not held securely they could be scooped up by malware).
Often, attacks designed to recruit new computers into the botnet
would be spammed out. On occasion, the emails would pretend to come
from the likes of Facebook, Skype and Amazon with an attached HTML
file, luring users into clicking and being ultimately infected by a
compromised third-party website.
It's easy to imagine how some recipients would be tricked into
clicking on attachments, even if only out of curiosity.
The botnet was also used to launch distributed denial-of-service
attacks, effectively blasting websites off the net with the sheer
amount of unwanted traffic sent to them from hijacked PCs.
Of course, others were definitely involved in the Bredolab cybercrime
operation, and we will have to wait and see if they are ever brought
to justice.
And it may not be the end of the story for Avanesov either - as it
is possible that lawsuits may still be filed by overseas parties for
the crimes that were committed worldwide.
Lawyers defending Avanesov were quoted as claiming that their client
"did not intend to deliberately harm anyone" with his activities,
but clearly that argument didn't find much support at the district
court in Yerevan which sentenced him to four years in jail for
"computer sabotage".
The judgment is something of a historic event in Armenia - as it is
the first such computer crime-related sentence to be handed out in
the country.