The number is not a typo. 30 million computers were hijacked and controlled by 143 servers. This cybercrime feat was engineered by Georg Avanesov, a Russian citizen of Armenia descent. He was earning about $125,000 a month renting out time on his botnet to spammers, malware distributors, and fake antivirus scams. They were even involved in several denial-of-service attacks. At one time it was responsible for sending out 3 billion infected spam email messages a day. Some of his hijacked PCs were involved in the Bredolab cybercrime operation.
In several cases, he would recover FTP passwords from hijacked computers that would allow him to access web servers and insert malware downloads into the pages of commercial websites to infect and recruit even more computers. As a side note, this is why you do not let your applications or computer “remember” your passwords for you.
He is currently serving 4 years in an Armenian prison for “computer sabotage.” He has the distinction of being the first person to be convicted of computer crime in Armenia. The longer story is available on Sophos blog site.
Share
JUN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com