Slashdot Mirror


Creators of Massive Botnet Arrested

DigitumDei writes "Dutch police have nabbed 3 men (aged 19, 22, & 27) who allegedly used the toxbot trojan to create a botnet of over 100000 machines. The trio conducted a DDOS attack against an unnamed US company in an extortion attempt, as well as using phishing tactics to hijack PayPal and eBay accounts. From the article: 'Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday. The botnet was dismantled, prosecutors said, with help from the Dutch National High Tech Crime Center; GOVCERT.NL, the Netherlands' Computer Emergency Response Team; and several Internet service providers, including the Amsterdam-based XS4ALL.'"

14 of 243 comments

  1. Extortion? by Anonymous Coward · · Score: 5, Funny
    Dat's a nice website ya got dere. SHAME if sumtin happened to it.

    /Godfather music in background

  2. Wow. by Black+Parrot · · Score: 5, Funny

    A city-wide Thieves Guild is understandable, but a National Crime Center is just going too far.

    --
    Sheesh, evil *and* a jerk. -- Jade
  3. mmm by Anonymous Coward · · Score: 5, Funny

    the creators of the slashdot network are still at large tho :)

  4. Good! by RedNovember · · Score: 5, Insightful
    I'm happy these guys were arrested. Things like this scare companies and people away from technology. Not to imply that modern companies will survive without computers, but will your boss think long and hard before approving tech budgets? You bet. I've never heard of a bunch of crackers extorting a company.

    This will also give them pause when hiring former hackers. They might think "Is this guy going to give extortionists inside info?"

    On the other hand, security folks may have a budget windfall thrown their way. Considering '"Each time the Trojan was stopped by anti-virus defenses, they made a new version," he said. "This was not just a one-off. The sheer number of variants shows this wasn't a crime they committed just once."' Those security people better get to it.

    --
    "MY APOCALYPTIC TENOR HAS NOT BEEN DISPELLED!" - T-Rex, qwantz.com
  5. About time by dow · · Score: 5, Funny

    I get so many of these zombie machines trying things everyday and never hear about anyone getting caught. Hope they get sentenced to ten years of Windows XP.

  6. Why? by AAeyers · · Score: 5, Funny

    > ...who allegedly used the toxbot trojan to create a botnet of over 100000 machines.

    It seems a little harsh to get arrested for only infecting 32 machines.....

    --
    "For Great Justice."
    1. Re:Why? by Filip22012005 · · Score: 5, Funny

      You're thinking of a bitnet.

      Related concepts: the batnet and the butnet.

      And then, there's also the botnut (three of which got arrested), the bitnut (such as yourself), the butnut (erm...), the botknit (a network of 100000 computers strung together by my grandma), the botNAT, and the bitenight (Buffy the movie).

      --
      When the policeman of the tie, rule you violate, hello punishment of the kitty?
  7. How do you dismantle a botnet? by Anonymous Coward · · Score: 5, Interesting

    Surely those computers are still vulnerable to the toxbot trojan at best, or just waiting for somebody to give the right commands at worst.
    Unless you use the trojan to patch the system of course, but that would be illegal.

  8. Re:Good, but... by seti · · Score: 5, Interesting

    When I was in uni, we had a guy from the Belgian Computer Crime Unit (CCU) come and talk to us about computer criminality. We asked a load of questions, including whether they actually actively went after casual downloaders. Basically they said they were so swamped going after child pornography sites, they did not have any resources at all for those kinds of activities.

    Most police "cybercrime" units are still very underfunded.

    --
    Coca-Cola, sometimes War.
  9. Re:a botnet of over 100000 machines by mustafap · · Score: 5, Funny

    >1 MegaBot==10E6 Bots.

    No no no no no. How many times do we have to tell you?

    1MegaBot == 1024*1024 bots.

    Damned marketing bots.

    --
    Open Source Drum Kit, LPLC deve board - mjhdesigns.com
  11. Re:Good, but... by Anonymous Coward · · Score: 5, Insightful
    Well, just like the marijuana laws on the books (forced by other countries), it's public policy not to enforce things that are considered a waste of law enforcement's time.

    The government said themselves that making file sharing a criminal offence just turns a large portion of the population into criminals for no real benefit. This is similar to the drugs policy. From Wikipedia:

    However, a policy of non-enforcement has led to a situation where reliance upon non-enforcement has become common, and because of this the courts have ruled against the government when individual cases were prosecuted.

    This is because the Dutch Ministry of Justice applies a gedoogbeleid (policy of tolerance) with regard to soft drugs: an official set of guidelines telling public prosecutors under which circumstances offenders should not be prosecuted. This is a more official version of the common practice in other countries, in which law enforcement sets priorities as to which offenses are important enough to spend limited resources on.

    Proponents of gedoogbeleid argue that such a policy offers more consistency in legal protection in practice, than without it. Opponents of the Dutch drug policy either call for full legalization, or argue that laws should penalize morally wrong or decadent behavior, whether this is enforceable or not.

    So no, the government tends to go after real criminals, rather than waste time on teenagers with too much free time.
  12. Re:a botnet of over 100000 machines by Jugalator · · Score: 5, Funny
    > No no no no no. How many times do we have to tell you?
    > 1MegaBot == 1024*1024 bots.

    No!! You're talking about a MebiBot!

    // Random Mebi Enforcement Zealot

    --
    Beware: In C++, your friends can see your privates!
  13. RE: How to dismantle a botnet!! by A.K.A_Magnet · · Score: 5, Interesting

    OK I'm a bit late on this story, but maybe some mods will be late too ;)

    As an IRC admin for a few years, I saw many botnet channels. The botnet masters enjoy putting their bots on IRC (on a secret channel) because it's a third party who provides the communication support, IRC is a good message demultiplexer, and they think it's safe since they only log on IRC with a proxy.

    They can identify themselves with a given bot by going private (PRIVMSG .ident ) or just on the channel, the PRIVMSG will be sent to every bot. Now 100k bots in a channel is a lot but I have seen 30k already.

    The bots had random nicks so we just put a bot of ours with a random nick in the channel, logged everything and then got the login/pass (I guess in this case Dutch police had the login/pass pair from the PCs they seized). Then we looked out for the bot version, looked on the web for commands (usually, the bot masters are script kiddies and just build the bot from an "automatic" builder they download on the web... they wouldn't even build from the sources).

    All of the bots I encountered disposed of attack commands et al, but also a clean removal command. That's what we used.

    Now I don't know about the bot in this story, but most likely the botnet masters HAD a means to contact them all (now is it IRC-like with a big channel, or distributed among the bots à la DNS, I don't know... But even if the removal command isn't here, there's still a way to tell the bot to execute a given binary they download from a given URL).

    And I don't think that would really be illegal, remember, the PC owners rarely know they are infected or don't care. They won't know or won't care either if someone removes the bot for them. And if they say something, just sue them since it means they were part of the attack knowingly ;). Who would want to be part of the botnet? :)

    Anyway I hope we could shut down more of these networks (and MS should pay for their dismantling since nearly all zombie networks are running Windows).
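The pattern the comment above describes (a channel full of auto-generated nicks plus one nick issuing dot-prefixed bot commands such as `.login` or `.version`) is what an IRC admin would look for when deciding a channel is a botnet C&C. The following is an added example, not code from the post or from any real bot, that scans a constructed, simplified server log (channel, nick and message only; `SAMPLE_LOG`, `BOT_NICK_RE` and the thresholds are assumptions) and flags such channels for the admin to review:

```python
import re
from collections import defaultdict

# Constructed sample log (not from the page): one ordinary channel and one
# channel showing the described pattern: template nicks with long digit
# suffixes joining en masse, then a single nick issuing dot-commands.
SAMPLE_LOG = """\
JOIN #linux alice
JOIN #linux bob
PRIVMSG #linux alice :anyone tried the new kernel?
JOIN #x9z [USA|XP]-4412906
JOIN #x9z [DEU|2K]-9081137
JOIN #x9z [FRA|XP]-3350721
JOIN #x9z [USA|XP]-7718822
PRIVMSG #x9z m4st3r :.login s3cret
PRIVMSG #x9z m4st3r :.version
PRIVMSG #x9z m4st3r :.remove
"""

LINE_RE = re.compile(r"^(JOIN|PRIVMSG) (#\S+) (\S+)(?: :(.*))?$")
# Assumed nick template of builder-generated bots: "[TAG]-<digits>".
BOT_NICK_RE = re.compile(r"^\[[A-Z0-9|]+\]-\d{5,}$")

def parse_log(text):
    """Per channel: all nicks, bot-like nicks, and dot-command counts per sender."""
    stats = defaultdict(lambda: {"nicks": set(), "botlike": set(), "cmds": defaultdict(int)})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines we do not model (PING, MODE, ...)
        kind, chan, nick, msg = m.groups()
        s = stats[chan]
        s["nicks"].add(nick)
        if BOT_NICK_RE.match(nick):
            s["botlike"].add(nick)
        if kind == "PRIVMSG" and msg and msg.startswith("."):
            s["cmds"][nick] += 1
    return stats

def suspicious_channels(stats, min_nicks=4, botlike_ratio=0.5):
    """Flag channels where most members look generated and one nick repeatedly issues dot-commands."""
    flagged = {}
    for chan, s in stats.items():
        if len(s["nicks"]) < min_nicks:
            continue  # too small to judge
        ratio = len(s["botlike"]) / len(s["nicks"])
        controllers = [n for n, c in s["cmds"].items() if c >= 2]
        if ratio >= botlike_ratio and controllers:
            flagged[chan] = {"botlike_ratio": round(ratio, 2), "controllers": controllers}
    return flagged

if __name__ == "__main__":
    print(suspicious_channels(parse_log(SAMPLE_LOG)))
```

On the sample log this flags `#x9z` (4 of 5 nicks bot-like, `m4st3r` issuing commands) and leaves `#linux` alone; real nick templates and command prefixes vary per bot family, so the regex and thresholds are tuning knobs, not fixed signatures.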