Bredolab: Jail for man who masterminded botnet of 30 million computers

Prisoner. Image courtesy of ShutterstockA man who was in command of a botnet of some 30 million computers worldwide has been sentenced to four years jail in Armenia.

According to prosecutors, Georg Avanesov was earning 100,000 Euros (£80,000 or $125,000) a month from his Bredolab botnet business, renting out access to the compromised computers to criminals who wanted to send out spam, and spread malware and fake anti-virus attacks.

The criminal income allowed the hacker to live a pretty lavish lifestyle by all reports, as he jetted off to the Seychelles with his attractive girlfriend and fancied himself as a DJ.

At its peak, it is estimated that Avanesov’s botnet was spewing out over 3 billion infected emails every day.

Sign up to our free newsletter.
Security news, advice, and tips.

Yerevan airport in ArmeniaAvanesov’s comeuppance began in October 2010, when Dutch police announced that they had wrestled control of 143 Bredolab botnet command & control servers, and were using it to display a warning to infected computer users.

The very next day, the botmaster was arrested by the authorities as he arrived on a late night flight from Moscow to Yerevan Airport in Armenia.

Georg Avanesov – a Russian citizen of Armenian descent – didn’t mind selling off access to his botnet, because he found it so easy to expand it by hijacking even more computers.

Legitimate websites were hacked to spread malicious payloads that infected recruited visiting computers into the botnet, and further malware would be installed which stole usernames and passwords to FTP accounts. This would inevitably result in even more websites becoming infected.

(There’s an important lesson for website administrators to learn here. Don’t tell your FTP software to remember your passwords, because if they are not held securely they could be scooped up by malware).

Often, attacks designed to recruit new computers into the botnet would be spammed out. On occasion, the emails would pretend to come from the likes of Facebook, Skype and Amazon with an attached HTML file, luring users into clicking and being ultimately infected by a compromised third-party website.

Bogus Skype email

It’s easy to imagine how some recipients would be easily tricked into clicking on attachments, even if it were out of curiousity.

Bogus Facebook email

The botnet was also used to launch distributed denial-of-service attacks, effectively blasting websites off the net with the sheer amount of unwanted traffic sent to them from hijacked PCs.

Of course, others were definitely involved in the Bredolab cybercrime operation, and we will have to wait and see if they are ever brought to justice.

And it may not be the end of the story for Avanesov either – as it is possible that lawsuits may still be filed by overseas parties for the crimes that were committed worldwide.

Lawyers defending Avanesov were quoted as claiming that their client “did not intend to deliberately harm anyone” with his activities, but clearly that argument didn’t find much support at the district court in Yerevan which sentenced him to four years in jail for “computer sabotage”.

The judgment is something of a historic event in Armenia – as it is the first such computer crime-related sentence to be handed out in the country.

Prisoner image courtesy of ShutterStock

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.