
Yesterday, news appeared about the arrest of one of the operators of the Bredolab botnet at the airport in Yerevan. In the Netherlands, 143 servers that were part of this botnet were rendered harmless. We have been monitoring the Win32/TrojanDownloader.Bredolab malware family for a long time. This Trojan downloader is primarily intended to distribute other malicious programs.
At different times, the malware it distributed has come from the following families: Win32/Waledac, Win32/Oficla, Win32/Koobface, and another half a dozen pieces of malware whose distribution was profitable, at different periods, for different cybercrime groups. The list of these malicious programs also includes the Zeus Trojan, long known to us, which has recently begun to lose ground. There are even credible rumors that the baton for the further distribution of this botnet has been passed to the authors of the equally well-known Win32/Spy.SpyEye. Most likely, the authors of Zeus already feel law enforcement breathing down their necks and have simply decided to cover their tracks. Since the investigation related to this botnet has been underway for a long time, the decrease in Zeus activity can be seen on the charts of the ZeuS Tracker service.
Win32/TrojanDownloader.Bredolab was actively used as a downloader in a large number of incidents related to the exploitation of vulnerabilities in client software.
In general, there is a global trend of growing concern about the botnet problem and of proactive measures being taken to reduce it. Several large botnets, such as Mariposa, Waledac, and others, have already been eliminated this year. Most likely, these circumstances will in some way influence the landscape of the cybercriminal business in the future.