How the Botnet Operated
Dutch authorities, including the Politie and the National Cyber Security Center (NCSC), have dismantled a sprawling botnet that had compromised at least 17 million devices worldwide. The infected devices included computers, smartphones, tablets, and Internet of Things (IoT) gadgets. More than 200 servers hosted in the Netherlands formed the backbone of this criminal network. Law enforcement seized a subset of these servers from a hosting provider, which then took the entire botnet offline after discovering it was being used for illegal activities. Local news reports identified the service as a residential proxy provider that sold access to compromised devices.
Impact and Scope
The botnet was operated as a commercial proxy service, selling subscriptions to customers who wanted to route their internet traffic through the infected devices. Pricing ranged from $5 to $15 per month, with discounts for bulk purchases. While residential proxies have legitimate uses, such as accessing geo-restricted content, this network specifically catered to cybercriminals who used the compromised devices to launch attacks and hide their true locations. The NCSC emphasized that devices become part of such botnets when attackers gain access, often through malware that allows remote control. Users are advised to keep their operating systems updated, use strong passwords, enable two-factor authentication, and only install apps from trusted sources to reduce the risk of infection.
Source: The Hacker News
