A huge network of 100,000 PCs was used to conduct a denial-of-service attack against an unidentified U.S. company in an extortion attempt, and for many other nefarious deeds, according to Dutch police.
Dutch police arrested three men for creating a botnet of more than 100,000 compromised PCs, authorities in the Netherlands said Friday. They allege the botnet was used in an attempt to extort a U.S. company, to steal PayPal and eBay accounts, and to install adware and spyware.
The pinch is among the biggest botnet scores ever for law enforcement, Dutch authorities said. "With 100,000 infected computers, the dismantled botnet is one of the largest ever seen," the Public Prosecution Service (Openbaar Ministerie, or OM) said in a statement. The network of hijacked PCs and servers consisted of machines worldwide.
The three men, ages 19, 22, and 27, allegedly used the Toxbot (aka Codbot) Trojan to infect the machines, on which they then installed adware and spyware. The massive botnet was also used to conduct a denial-of-service (DoS) attack against an unidentified U.S. company in an extortion attempt to squeeze payment for not bringing down the firm's Web site.
Police also said that the trio -- which was led by the 19-year-old -- used phishing tactics to hijack PayPal and eBay accounts, then "used to pay for goods ordered on the Internet."
Not stopping there, said prosecutors, the three also may have written viruses for others, who paid the hackers to come up with tools for stealing online bank account usernames and passwords.
Toxbot/Codbot harks to February 2005, and has been successfully tweaked numerous times, said Graham Cluley, a senior technology consultant for U.K.-based security firm Sophos, in an apparent attempt on the part of the three to stay one step ahead of anti-virus vendors.
"Each time the Trojan was stopped by anti-virus defenses, they made a new version," he said. "This was not just a one-off. The sheer number of variants shows this wasn't a crime they committed just once."
It would likely take many attacks, Cluley added, for the attackers to have collected 100,000 controlled PCs that made up the reported botnet.
Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday.
The botnet was dismantled, prosecutors said, with help from the Dutch National High Tech Crime Center; GOVCERT.NL, the Netherlands' Computer Emergency Response Team; and several Internet service providers, including the Amsterdam-based XS4ALL.
Although Cluley didn't think the arrests would make a serious dent in the number of zombie PCs controlled by hackers' botnets, he did applaud the heat authorities have put on hackers and scammers this year.
"There have been many more arrests in 2005 and 2004 than in years prior," Cluley noted. "More and more countries are clued in about computer crime, especially as it's become clear that there's so much money to be made. If nothing else, the continued arrests have proven that hacking is a more dangerous pursuit than it once was.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest August 03, 2015The networking industry agrees that software-defined networking is the way of the future. So where are all the deployments? We take a look at where SDN is being deployed and what's getting in the way of deployments.