Dutch govt disrupts malware botnet with 17 million infected devices
Patch: Update device security, change default credentials, apply firmware updates, disable remote admin.
Summary
Dutch authorities seized 200 servers and took offline a botnet comprising 17 million infected devices, according to the National Cyber Security Centre.
The botnet, linked to the proxy service Asocks, operated with 7 million IP addresses across 150 locations and served 100 000 clients. Asocks offers corporate, residential, and mobile proxies for $5–$15 per month, but the seized infrastructure was used for criminal activity such as DDoS attacks, malicious traffic proxying, and cryptocurrency mining. The operation involved a hosting provider that disabled the botnet after the police seized the servers. The NCSC noted that the infected devices were not knowingly participating in the botnet, implying a large-scale compromise. The case highlights the importance of securing default credentials, applying firmware updates, and disabling remote administration panels on networking devices.
Key changes
- 200 servers seized; botnet of 17 million infected devices taken offline
- Botnet linked to Asocks proxy service with 7 million IPs, 150 locations, 100 000 clients
- Asocks offers corporate, residential, mobile proxies for $5–$15/month
- Infrastructure used for DDoS, malicious traffic proxying, crypto mining
- Hosting provider disabled botnet after police seized servers
- NCSC notes devices were not knowingly participating
- Highlights need for securing default credentials
- Emphasises firmware updates and disabling remote admin