Dutch govt disrupts malware botnet with 17 million infected devices

Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation.

The action was carried out following an investigation from the Police in collaboration with the country's cybersecurity agency, the National Cyber ​​Security Centre (NCSC).

According to the authorities, the seized servers controlled "computers, tablets, and smartphones to carry out cyberattacks."

Botnets are networks of compromised devices used for illegal activities such as distributed denial-of-service (DDoS) attacks, malicious traffic proxying, or cryptocurrency mining.

“The investigation revealed that the botnet consisted of at least 17 million infected devices and that the 200 servers used to host the infrastructure were located in the Netherlands,” the NCSC said.

“ The police subsequently seized several botnet servers from a hosting provider for investigation purposes. The hosting provider took the botnet offline because it was being used for criminal activities.”

Although the authorities did not name the botnet, local media reported that it was linked to a service called Asocks, which advertises itself as a “universal proxy service” with 7 million IP addresses, 150 locations, and 100,000 clients.

The platform offers corporate, residential, and mobile proxies for monthly subscriptions between $5 and $15, with discounts for bulk purchases.

Although such services often comprise IPs that voluntarily donate bandwidth by using a specialized client in exchange for a fee, NCSC’s action indicates that the owners of the devices that were part of the botnet did not knowingly participate in supporting cybercrime operations.

BleepingComputer has contacted Asocks with a request for a comment on the allegations, but we have not received a response by publication time.

To protect networking devices from botnet infections, ensure the default credentials have been changed to something unique and strong, the latest firmware update has been applied, and remote administration panels are disabled when not needed.