Bredolab botnet shut down

Tentacle
Bredolab, a botnet believed to have spread its tentacles around the world, infecting some 30 million computers, has been beheaded following action from the Dutch National Crime Squad.

Dutch police announced the takedown of the botnet, which was used to distribute malware to unsuspecting computer users. The authorities were assisted by members of the computer security community, and Netherlands-based hosting provider LeaseWeb, who provided the servers that were running Bredolab’s command systems.

In total, 143 computer servers are now no longer under the control of malicious hackers.

Instead, the botnet’s control center is under the command of the authorities, and they are able to use it to display a warning to owners of infected computers:

Sign up to our free newsletter.
Security news, advice, and tips.

Victims of the Bredolab botnet are seeing warnings on their computer

SophosLabs has seen very large numbers of samples of malware connected with the Bredolab botnet – so any action which has been taken to curtail its activities has to be welcomed.

The main intent of Bredolab is to download other malware onto the users’ computers. Some of the attacks we have seen distributed this way include fake anti-virus software (also known as scareware).

Typically, the attacks were spammed out via old-fashioned, but still worryingly successful, spam campaigns as malicious attachments. In other words, no zero day exploits, no sophisticated new techniques, just effective social engineering to make people run the attachments in the first place.

As the figure of “30 million infected PCs” is being bandied about, it’s really a testament to how effective such old school techniques can still be.

LeaseWeb certainly need to be given some credit for working closely with the authorities to bring down the rogue servers. Clearly it would have been preferable if the server space had not been sold to cybercrriminals in the first place, but by accounts they acted responsibly once they found out. Not all hosting companies across the globe would be so helpful.

Good as the news of the take-down of the Bredolab botnet is, we can’t expect the hackers behind it to hang their hats up and turn their back on cybercrime. The servers may be under the control of the Dutch police, but the hackers are still free to commit crimes.

Update: Maybe I spoke too soon – a man suspected of operating the Bredolab botnet has been arrested.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.