FBI and Dutch law enforcement dismantle the Shadow network
The Dutch High Tech Crime Unit has arrested a 19-year-old Dutch national believed to be behind a botnet made up of around 100,000 infected PCs.
In a joint operation with the FBI last week, the Dutch authorities arrested the man as he was trying to sell the botnet for around €25,000 to a Brazilian, who was also arrested in the operation.
The Dutch police were alerted to the transaction by the FBI, and a joint team arrested the pair in a bar in Sneek, a small town in the province of Friesland, in the north of the Netherlands.
Dutch police are also working with security specialist Kaspersky Lab to provide victims of the botnet with instructions on how to remove the malware that connects hijacked PCs to the Shadow network.
Eddy Willems, security evangelist for Kaspersky Lab Benelux, said that coming up with a method of removing the botnet malware proved harder than usual as the code included rootkit software. “Because of that rootkit it was not easy to explain to users how to get rid of the malware,” he said.
Kaspersky has created a webpage with removal information and instructions on how to make a formal complaint to the police. The Shadow botnet is believed to have a global reach and used infected machines from the US, UK and mainland Europe.
The removal instructions created by Kaspersky only apply directly to the malware associated with the botnet so the company is advising anyone who suspects their machine has been infected to use additional security scanning software. “These programs may have downloaded additional malware to computers which were part of the botnet. So users should make sure they perform a full scan of their machine using an up-to-date antivirus solution,” Willems warned.
The Dutch Police and FBI are working to contact unwitting members of the botnet but it will often not be obvious to anyone infected with botnet malware that their system has been compromised, Willems admitted.
Analysts from security company Marshal claimed this week that three botnets are responsible for 75 percent of all spam, and that 1.5 million websites were infected by a botnet attack in May 2008.
The world's largest botnet, Srizbi, controls more than 315,000 infected machines sending 50 percent of all spam, followed by the Rustock and Mega-D botnets, generating 14 percent each, according to Marshal. “In our view, the use of botnets to launch mass website attacks is the most concerning issue to arise so far in 2008,” said Bradley Anstis, vice president of products for Marshal.