Security news22 August 2008
Alleged Brazilian botmaster charged with selling access to 100,000 zombie PCs Authorities in USA, Netherlands and Brazil co-operate to disrupt spam attack
IT security and control firm Sophos has welcomed news that authorities have charged a 35-year-old Brazilian with conspiring to cause damage to computers around the world.
According to reports, Abreu Neto controlled a botnet of 100,000 compromised computers, and leased access to third parties for 25,000 Euros. These zombie PCs could then be used to send spam, launch distributed denial-of-service attacks or commit identity theft. Neto now faces up to five years in prison and a fine of more than $250,000.
"The authorities should be congratulated for their efforts in investigating this case and prosecuting the guilty parties," said Graham Cluley, senior technology consultant at Sophos. "But, what about the 100,000 infected computers that were unwillingly turned into foot soldiers for this criminal scheme? While catching the bad guys is the first step, it's essential that these innocent victims also clean up their PCs - without this, it's likely they'll just be playing a waiting game until another hacker exploits their lack of security and recruits them to another zombie network."
Dutch authorities apprehended Abreu Neto on July 29th, following assistance from the FBI's New Orleans field office and the Cyber Section of the Brazilian Federal Police. Neto allegedly worked with 19-year-old Nordin Nasiri of the Netherlands, to run the zombie network and lease infected computers.
Zombie computers - are your PCs under someone else's control?
Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information. SophosLabs estimates that more than 99 percent of all spam today originates from zombie computers.
As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the organization's reputation, but can also cause the company's email to be blocked by others.
Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
