Dutch police arrested three men for creating a botnet of more than 100,000 compromised PCs, authorities in the Netherlands said Friday. They allege the botnet was used in an attempt to extort a U.S. company, to steal PayPal and eBay accounts, and to install adware and spyware.
The pinch is among the biggest botnet scores ever for law enforcement, Dutch authorities said. "With 100,000 infected computers, the dismantled botnet is one of the largest ever seen," the Public Prosecution Service (Openbaar Ministerie, or OM) said in a statement. The network of hijacked PCs and servers consisted of machines worldwide.
The three men, ages 19, 22, and 27, allegedly used the Toxbot (aka Codbot) Trojan to infect the machines, on which they then installed adware and spyware. The massive botnet was also used to conduct a denial-of-service (DoS) attack against an unidentified U.S. company in an extortion attempt to squeeze payment for not bringing down the firm's Web site.
Police also said that the trio -- which was led by the 19-year-old -- used phishing tactics to hijack PayPal and eBay accounts, then "used to pay for goods ordered on the Internet."
Not stopping there, said prosecutors, the three also may have written viruses for others, who paid the hackers to come up with tools for stealing online bank account usernames and passwords.
Toxbot/Codbot harks to February 2005, and has been successfully tweaked numerous times, said Graham Cluley, a senior technology consultant for U.K.-based security firm Sophos, in an apparent attempt on the part of the three to stay one step ahead of anti-virus vendors.
"Each time the Trojan was stopped by anti-virus defenses, they made a new version," he said. "This was not just a one-off. The sheer number of variants shows this wasn't a crime they committed just once."
It would likely take many attacks, Cluley added, for the attackers to have collected 100,000 controlled PCs that made up the reported botnet.
Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday.
The botnet was dismantled, prosecutors said, with help from the Dutch National High Tech Crime Center; GOVCERT.NL, the Netherlands' Computer Emergency Response Team; and several Internet service providers, including the Amsterdam-based XS4ALL.
Although Cluley didn't think the arrests would make a serious dent in the number of zombie PCs controlled by hackers' botnets, he did applaud the heat authorities have put on hackers and scammers this year.
"There have been many more arrests in 2005 and 2004 than in years prior," Cluley noted. "More and more countries are clued in about computer crime, especially as it's become clear that there's so much money to be made. If nothing else, the continued arrests have proven that hacking is a more dangerous pursuit than it once was.
"But there are still a lot escaping justice."