GitHub

At the end of last week, the Dutch police, together with the National Center for Cybersecurity (NCSC) of the country, managed to strike a huge botnet. 200 servers and 17 million infected devices included the botnet used for criminal purposes.

This is shared by the NCSC on its website. According to this, an IT security researcher has given decisive indications that have triggered investigations by the police unit The Hague and the NCSC. These showed that the botnet consisted of at least 17 million infected devices controlled by an infrastructure of 200 servers located in the Netherlands. The drones include devices such as computers, tablets and smartphones, but also smart home devices and routers.

Drones designate infected devices that act on the command of the management server (Command-and-Control server) and, for example, start DDoS attacks or, in the case of “residential proxy services”, redirect the traffic of the criminals and thus anonymize them.

Several servers seized and further investigated the police at a hosting provider. The botnet was then taken offline by the hosting provider after it was clear that it was used for criminal purposes.

Botnet as “Residential Proxy Service”

The NCSC does not go further into the details, but NLTimes reports that it was the “Asocks” botnet. This serves primarily as a concealment service, as a “residential proxy service”. Inadequately protected end devices of consumers infect the criminal wire pullers behind the botnet with the malicious code that makes the devices nodes within this “Asocks” proxy network. This allows users of the service to conceal their actual origin.

Video by heise

The “Asocks” botnet has been used to route Internet traffic and to launch large-scale cyber attacks. The owners of the infected devices usually don't know anything about it. The NCSC therefore still provides tips for end users: operating systems, routers and apps should always be kept up-to-date. They should also keep an overview of their devices on the network. Passwords should not be used again, but be individual; the standard passwords of the devices should also change users. Software and apps should also come from trusted sources.

The law enforcement authorities are repeatedly violating such criminal botnets. In mid-March, the proxy botnet “SocksEscort” with more than 369.000 drones was shut off by international criminal prosecutors.

(dmk)

![Dutch prosecutors lame Botnet with 17 million drones](https://heise.cloudimg.io/bound/1200x1200/q85.png-lossy-85.webp-lossy-85.foil1/_www-heise-de_/imgs/18/5/0/9/2/1/0/1/shutterstock_507108913-dee841865c7ce6e3.jpg)