Dutch police notify botnet victims

Police in the Netherlands have claimed a world first after warning victims whose computers were infected by a botnet that was shut down last week. The victims will be forwarded to a special web page offering instructions on cleaning up their systems.

Share

Police in the Netherlands have claimed a world first after warning victims whose computers were infected by a botnet that was shut down last week. The victims will be forwarded to a special web page offering instructions on cleaning up their systems.

The high-tech crime unit of the police started issuing the warnings on Wednesday. Users with infected systems are automatically sent a special page when they log onto the internet. The page offers instructions on disabling the botnet, as well as a link to Kaspersky's online virus scanner and a request to file charges against the botnet herder, a 19- year-old man from the Dutch city of Sneek who was arrested last week.

The page, which was created in cooperation with Kaspersky Labs, marks the first time that botnet victims have been proactively warned by authorities, said Eddy Willems, a virus evangelist with Kaspersky Labs in the Netherlands. "This might initiate other actions in neighboring countries, so we can continue doing this in a coordinated fashion throughout the European Union," Willems told Webwereld, an IDG affiliate. "That would be a good way to fight these crimes."

Releasing a computer from the controls of the botnet might not be for the amateur computer user. Users among other things have to dig into the Windows registry and disable a rootkit that prevented detection of the malware by the user and security software. Willems cautions that users should be careful even after they have followed the step-by-step removal instructions, because the computer is likely to contain additional malware and viruses.

Authorities are able to forward victims to the special page because they have taken over control of the botnet. Infected computers will contact a central server in Russia for instructions. Normally this controlling server will order the computers to start malicious tasks such as sending spam, hosting child pornography or launching a distributed denial of service attack. But the server has been reprogrammed to forward the systems to the warning page.

The botnet herder was arrested last week after he tried to sell his network to a man in Brazil for €25,000 (US$38,300). At the time, the botnet was estimated to have snared 100,000 computers. Willems claims current estimates peg the number of infections at 140,000 to 150,000.

"Recommended For You"

Mariposa botnet: Alleged hacker arrested in Slovenia Security firms disable second Kelihos botnet