Dutch police said in a translated news release that they have busted a local 'bulletproof' server hosting operation in a major takedown that also nabbed a pair of Mirai botnet operators.
The Netherlands' National Criminal Investigation Department and National Cyber Security Center operated jointly to track down and seize five servers that they say were being used as an underground 'bulletproof' hosting service for criminals.
The servers, housed at an unnamed data center in Amsterdam, had been the subject of thousands of complaints of malware infections as their operators had used the boxes to run exploits and control infected machines.
In this case, the police say, the people controlling those servers were a pair of Dutch nationals who had been running a Mirai botnet with cover from the bulletproof host. The duo, a 24-year-old man from Veendam and a 28-year-old man from Middelburg, had been offering the network of Mirai-infected devices as a for-hire distributed denial of service tool.
"The investigation also revealed that this botnet was very aggressively trying to infect other devices, up to over a million attempts per month on one device," the translated police statement reads.
"Which DDoS attacks can be attributed to this botnet is part of the further investigation."
Police said they plan to charge the pair with crimes including, but not limited to, computer intrusion and spreading malware. The cops hope that, by seizing the servers, they can take down this botnet once and for all.
The bust-up of a locally-based bulletproof host (a term used for server providers who don't ask questions of their customers and typically ignore takedown requests) should also prove significant.
While shady hosting operations have typically been associated with poorer, strife-ridden areas that have little in the way of government and police oversight, there are a number of advantages to having a bulletproof host located nearby in a major city, including reliability and lower latencies, that would make the Amsterdam datacenter a hot commodity with local cybercriminals.
Meanwhile, users and admins who are worried about falling victim to Mirai and other botnet malware should first reset their devices to get rid of any locally running code, then change default passwords, double-check their firewall settings and update all firmware.