Bredolab botnet still shows signs of life

James Delahunty
30 Oct 2010 18:30

Despite a Dutch-led operation that disconnected 143 command and control servers from the Internet, the Bredolab botnet appears to still be receiving instructions from remaining servers.
Dutch authorities have said that the Bredolab investigation is still ongoing, after already taking 143 servers offline and capturing what authorities described as a computer virus "mastermind" in Armenia. At least two botnet command nodes appear to still be active.
The servers are located in Russia and Romania, and they will deliver FakeAV (Antivirusplus) and spam to infected machines that look them up. A third command node located in Russia was also showing signs of life earlier in the week, but appears to have gone offline permanently.
Security firm FireEye reckons that a second group of bot herders is issuing new instructions to the remaining zombie drones, either attempting to make their own botnet or continuing to use portions of the botnet they had previously rented.
At its most active, Bredolab was capable of causing 3 million infections in a month and is responsible for billions of spam e-mail messages.
