Biggest botnet takedown to date

Yesterday law enforcement officials arrested 6 people and charged them with running a massive internet fraud ring. Over 4 million PCs were part of the botnet.
According to the FBI

the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.

The FBI worked with a number of security groups around the world as part of the investigation and take down. TrendMicro was one of the groups that first identified this botnet. On their blog they discuss the information they collected during a 5 year investigation into Rove Digital. Spamhaus, too, had a large collection of information about Rove Digital in the Register of Known Spamming Operations (ROKSO).
In his report on the take down, Brian Krebs also mentions the role of the ISC in keeping the millions of infected users from losing internet access during the seizure.
Congratulations and thanks to everyone involved in the hard work it took to identify and arrest these criminals. And for the effort people put in to making the Internet safer for all of us.

Related Posts

Spammer prosecuted in New Zealand

Today (well, actually tomorrow, but only because New Zealand is on the other side of the date line) the NZ Department of Internal Affairs added a 3rd statement of claim against Brendan Battles and IMG Marketing. This third claim brings the total possible fines to $2.1 million.
Brendan is a long term spammer, who used to be in the US and moved to New Zealand in 2006. His presence in Auckland was noticed by Computerworld when a number of editors and staffers were spammed. When contacted by the paper, Brendan denied being involved in the spam and denied being the same Brendan Battles.
New Zealand anti-spam law went into effect in September 2007. The Unsolicited Electronic Messages Act 2007 prohibits any unsolicited commercial email messages with a New Zealand connection, defined as messages sent to, from or within New Zealand. It also prohibits address harvesting.
The Internal Affairs department also appears to be investigating companies that purchased services from Brendan Battles.

Read More

Appeals court rules in e360 v. Spamhaus

On August 30, 2007 I wrote my very first blog post: 7th Circuit court ruling in e360 v. Spamhaus. Today, 4 years later (almost to the day) that case may finally be over.

Read More

Bit.ly gets you Blocked

URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things:

Read More