Security news
Security news22 August 2008
Alleged Brazilian botmaster charged with selling access to 100,000 zombie PCs Authorities in USA, Netherlands and Brazil co-operate to disrupt spam attack
IT security and control firm Sophos has welcomed news that authorities have charged a 35-year-old Brazilian with conspiring to cause damage to computers around the world.
According to reports, Abreu Neto controlled a botnet of 100,000 compromised computers, and leased access to third parties for 25,000 Euros. These zombie PCs could then be used to send spam, launch distributed denial-of-service attacks or commit identity theft. Neto now faces up to five years in prison and a fine of more than $250,000.
"The authorities should be congratulated for their efforts in investigating this case and prosecuting the guilty parties," said Graham Cluley, senior technology consultant at Sophos. "But, what about the 100,000 infected computers that were unwillingly turned into foot soldiers for this criminal scheme? While catching the bad guys is the first step, it's essential that these innocent victims also clean up their PCs - without this, it's likely they'll just be playing a waiting game until another hacker exploits their lack of security and recruits them to another zombie network."
Dutch authorities apprehended Abreu Neto on July 29th, following assistance from the FBI's New Orleans field office and the Cyber Section of the Brazilian Federal Police. Neto allegedly worked with 19-year-old Nordin Nasiri of the Netherlands, to run the zombie network and lease infected computers.
Zombie computers - are your PCs under someone else's control?
Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information. SophosLabs estimates that more than 99 percent of all spam today originates from zombie computers.
As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the organization's reputation, but can also cause the company's email to be blocked by others.
Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
