Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bredolab Botnet Taken Down

Posted by CmdrTaco on from the nothing-else-happening-today dept.

Leon Buijs writes "Monday a 27-year-old Armenian was arrested at request of the Dutch authorities. The Dutch police think he is the brain behind the infamous, 30 million infected computers large Bredolab network, that was taken down by their Team (in Dutch) High Crime. Bredolab was used to spread virii and spam via the Netherlands. While taking the botnet down at a Dutch ISP, the suspect did several attempts to regain control. When this didn't work out, he did a DDoS attack on the ISP's servers using a 220,000 computers botnet. However, this was also broken off by taking 3 servers offline that the Armanian used for this, in Paris."

8 of 187 comments (clear)

  1. Don't use made up words by nyctopterus · · Score: 4, Informative

    In before everyone else: there is no such word as 'virii'.

    1. Re:Don't use made up words by Spyware23 · · Score: 2, Informative

      This. For the love of tech news, spell-check your shit, slashdot.

    2. Re:Don't use made up words by Quietust · · Score: 3, Informative

      For the benefit of people who mistakenly use it that way, the correct word is "viruses".

      --
      * Q
      P.S. If you don't get this note, let me know and I'll write you another.
    3. Re:Don't use made up words by Arancaytar · · Score: 3, Informative

      Armania concurs. :P

    4. Re:Don't use made up words by zorg50 · · Score: 4, Informative

      On top of that, every sentence in the summary contains at least one grammatical error.

    5. Re:Don't use made up words by totallynotthesameguy · · Score: 2, Informative

      More specifically: .COM infectors we super easy to write because they didn't have a huge header to deal with (like .exes did): code started at address 0x0100 and that's all. At least that's how I recall it.

      So an infector just loaded up a .COM file, changed 0x0100 so it was a jump to the end of the .COM file, and then appended the entire infector's code to the end of the .COM file. Finally, you append the very first instruction you overwrote, and a jump back to the beginning. And that's it, now the .COM is itself an infector. To not be obvious your infector should only infect a few .COMs at a time, otherwise your 486 would slow to a crawl hunting up files to infect.

      Of course, you could get more interesting (terminate and stay resident, more aggressively self-modifying code, etc), but that was the simplest virus I remember seeing.

    6. Re:Don't use made up words by Colonel+Korn · · Score: 2, Informative

      So we resort to poetry, and choose one that sounds good.

      I'll go with "virii" over "viruses" in almost every situation.

      Except in English we have no good way to pronounce "ii." Viruses sounds good because it never goes through an awkward double vowel phase. VIE-ree-IE is our best option for pronouncing virii, but it doesn't have great analogues in our language and involves a rare and limp lack of consonant sounds at the end.

      Often, I hear people pronouncing virii VIE-REE, VIE-RIE, or VIE-REE-EE. It's simply unclear which is correct to the majority of people who have already settled on virii as their preferred spelling of the plural. Hence, I find that virii is an incredibly unsuccessful word with a clearly superior alternative.

      If we wanted to go with a pseudo-Latin suffix, viri is clearly more familiar and more phonetically successful. The double i simply has no benefit.

      --
      "I zero-index my hamsters" - Willtor (147206)
  2. Re:What Operating System on those 30million PCs? by Anonymous Coward · · Score: 1, Informative

    That is a majority of the issue. However there is also the driveby website worms these days too. So you go to your favorite site which has been infected. Now you are... This has happened to many people I know. It is a fairly common way these days to pick something up. Yes the email vector is still popular. But this one is also effective.