Yesterday, the creator of a botnet consisting of more than 100.000 zombies was arrested. The 19-year-old Dutchman and his 16-year-old brother are said to be the botmasters of what was once a botnet peaking at 150.000 compromised hosts…
Also arrested was a 35-year-old Brazilian who wanted to buy the botnet for his malicious activities – at the price of 25.000€ (US$37.290). The bust was a cooperation between the Dutch High Tech Crime unit and other international forces such as the F.B.I.
The botnet spread on Windows Live Messenger without the help of exploits, using a social engineering approach instead.
Would-be victims received a message from friends on their contact list with a link and were asked to click on it – once infected, they would then message their own friends.
If you suspect your machine has been zombified, one way to spot an infection is to check it for outgoing connections to the host “elena.ccpower.ru” on port 3306.
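The check described above, sketched as an added example (not code from the original post): it scans Windows `netstat` output for outbound connections to the host and port named in the article. The function name, the sample output and the address 192.0.2.15 are constructed for illustration; pass in whatever addresses the hostname actually resolves to.

```python
import re

# Indicator taken from the article: command-and-control host and port.
C2_HOST = "elena.ccpower.ru"
C2_PORT = 3306

# TCP rows of Windows `netstat -a` / `netstat -an` output:
#   TCP  <local addr>:<port>  <remote addr>:<port>  <STATE>
ROW = re.compile(r"^\s*TCP\s+(\S+):(\w+)\s+(\S+):(\w+)\s+(\S+)", re.I)

def find_c2_connections(netstat_text, resolved_ips=()):
    """Return (local, remote, state) for each outbound connection to the C&C.

    resolved_ips: addresses obtained by resolving C2_HOST, needed when
    netstat ran with -n and therefore shows numeric addresses only.
    """
    targets = {C2_HOST} | {ip.lower() for ip in resolved_ips}
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or UDP row
        local, lport, remote, rport, state = m.groups()
        if state.upper() == "LISTENING" or rport != str(C2_PORT):
            continue  # not an outbound connection to port 3306
        # Port 3306 alone is not enough: a MySQL server on the LAN
        # uses it too, so the remote end must match the indicator.
        if remote.lower().rstrip(".") in targets:
            hits.append((f"{local}:{lport}", f"{remote}:{rport}", state.upper()))
    return hits

# Constructed sample output; 192.0.2.15 is a documentation-range placeholder.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.0.2.15:3306        ESTABLISHED
  TCP    192.168.1.10:1046      192.168.1.20:3306      ESTABLISHED
  TCP    192.168.1.10:1047      elena.ccpower.ru:3306  SYN_SENT
  TCP    192.168.1.10:1048      192.0.2.15:80          TIME_WAIT
"""

if __name__ == "__main__":
    for local, remote, state in find_c2_connections(SAMPLE, ["192.0.2.15"]):
        print(f"suspicious: {local} -> {remote} ({state})")
```

On a live machine, feed it the text of `netstat -an` together with the addresses the hostname resolves to at that time.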
Antivirus company Kaspersky has put together a webpage with information on how to get rid of the bot. It is, however, advised to perform a full system scan with AV as well as spyware scanners, since Shadow possibly also installed adware on the victim's computer.