A 27-year-old Russian citizen, Georgiy Avanesov, has been jailed for four years after being found guilty of charges of creating and spreading the ‘Bredolab’ botnet, which infected an estimated 30 million computers around the world.
A botnet is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. The Bredolab botnet began operating in March 2009 and quietly accessed computers as far afield as Holland and France in order to spread the virus. The virus was primarily used to send spam emails and launch DDoS (Distributed Denial of Service) attacks and, at its peak, the Bredolab botnet sent out an estimated 3.6 million junk mail messages per day.
The Bredolab network was also hired out to other cyber criminals who used it to carry out attacks on websites, advertise fake anti-virus programs and send out their own spam and viruses. It was through hiring out the botnet network and distributing the many thousands of spam emails that Avanesov realised a staggering profit of approximately €100,000 each month.
This finally came to an end in October 2010 when Dutch Police wrested control of the botnet and initiated an investigation to expose its creator. Avanesov attempted to impede this investigation using a web-based attack, but his efforts to regain control of the botnet failed and, unsurprisingly, his arrest followed soon after. Avanesov was arrested at Zvartnots airport in Yerevan, Armenia, one day after the Dutch High Tech Crime Unit disrupted the Bredolab botnet and seized 143 servers that were used to control it.
It has since been reported that although the Dutch authorities were able to seize key computer servers in the Bredolab botnet, a portion of the network remains alive with command and control servers still present in Russia and Kazakhstan, leaving the botnet itself partly intact.
Suggestions have been made that a secondary group of botnet herders has taken over the remaining part of the botnet for their own purposes, but at this time this has not been confirmed. Nevertheless, the botnet has been compromised in both strength and capacity, and the conviction remains a breakthrough for Armenian law enforcement.
No doubt the Bredolab botnet will be replenished and other botnets will pop up over time, offering a lucrative and powerful “cyber attack” capability to the highest bidder.