Press Releases

Browse our press release archive

22 Aug 2008

Alleged Brazilian botmaster charged with selling access to 100,000 zombie PCs

Authorities in USA, Netherlands and Brazil co-operate to disrupt spam attack

Hackers take remote control of botnet computers. Image copyright (c) Sophos
Hackers make money by taking remote control of botnet computers.

IT security and control firm Sophos has welcomed news that authorities have charged a 35-year-old Brazilian with conspiring to cause damage to computers around the world.

According to reports, Abreu Neto controlled a botnet of 100,000 compromised computers, and leased access to third parties for 25,000 Euros. These zombie PCs could then be used to send spam, launch distributed denial-of-service attacks or commit identity theft. Neto now faces up to five years in prison and a fine of more than $250,000.

"The authorities should be congratulated for their efforts in investigating this case and prosecuting the guilty parties," said Graham Cluley, senior technology consultant at Sophos. "But, what about the 100,000 infected computers that were unwillingly turned into foot soldiers for this criminal scheme? While catching the bad guys is the first step, it's essential that these innocent victims also clean up their PCs - without this, it's likely they'll just be playing a waiting game until another hacker exploits their lack of security and recruits them to another zombie network."

Dutch authorities apprehended Abreu Neto on July 29th, following assistance from the FBI's New Orleans field office and the Cyber Section of the Brazilian Federal Police. Neto allegedly worked with 19-year-old Nordin Nasiri of the Netherlands, to run the zombie network and lease infected computers.

Zombie computers - are your PCs under someone else's control?

Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information. SophosLabs estimates that more than 99 percent of all spam today originates from zombie computers.

As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the organization's reputation, but can also cause the company's email to be blocked by others.

Sophos ZombieAlertâ„¢ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy