Epress.am News from Armenia
Dutch police have uncovered new details related to Bredolab computer virus network, whose mastermind was arrested in Yerevan a few days ago.
The latest look at the botnet by FireEye’s Malware Intelligence Lab shows that two domains are being used to issue instructions to infected computers. PCs that are infected with Bredolab are programmed to check in with certain domains in order to receive new commands, writes Atif Mushtaq in FireEye.
One domain, which is on an IP address registered with a collocation facility in Kazakhstan, is telling infected computers to download a fake antivirus program called Antivirusplus, Mushtaq said.
The other domain is instructing computers compromised with Bredolab to send spam. That domain is hosted on an IP address assigned to a collocation facility in Russia.
As reported earlier, at around 10 am on Oct. 26, Armenian police criminal investigation unit staff and Zvartnots Yerevan International Airport employees arrested citizen of Russia, ethnic Armenian Georgy Avanesovi, 27, who was the mastermind behind the Bredolab network.
Investigators said they dismantled a criminal network that had used computer servers in the Netherlands to infect at least 30 million computers worldwide with a virus that allows others to obtain information like bank passwords from infected computers.
Working with Dutch police, Armenian authorities arrested Avanesovi on Tuesday for allegedly controlling Bredolab. If he is extradited to the Netherlands, he could face between four and six years in prison.