Wednesday, 27 October 2010

Dutch team up with Armenia for Bredolab botnet take down

Armenian authorities arrested Russian-Armenian Georg Avanesov, 27, at Yerevan's "Zvartnots" International Airport on suspicion of constructing and running a massive botnet, at one point infecting up to 29 million computers in countries including Italy, Spain, South Africa, the U.S. and the U.K.

The botnet was constructed with the help of Bredolab - a type of malicious software program that can steal login and password details, log keystrokes, and steal any data from an infected computer. The Bredolab botnet was capable of infecting up to 3 million computers per month. By the end of last year, it was estimated that 3.6 billion spam e-mails were sent out daily containing the Bredolab malware, according to the Dutch High Tech Crime Team.


The team said it has disconnected and seized 143 servers used for Bredolab, working with the Dutch Forensic Institute, Govcert.nl (the Dutch computer emergency response team), and the security vendor Fox IT. The 143 servers were part of the network run by LeaseWeb, the largest hosting provider in the Netherlands, and had been hired through one of LeaseWeb's resellers.

The Armenian man was tracked down in a joint effort between Fox IT, which is based in the Netherlands, and Dutch law enforcement. The man is suspected of renting computers that had been infected with Bredolab to cybercrime players in other countries, said Ronald Prins, founder of Fox IT.

Dutch prosecutors believe that Avanesov made up to €100,000 ($139,000) a month from renting and selling his botnet just for spam, said Wim De Bruin, spokesman for the Public Prosecution Service in Rotterdam. Avanesov was able to sell parts of the botnet off "because it was very easy for him to extend the botnet again," by infecting more PCs, he said.

The Armenian cyber-criminal is currently being held by the Armenian authorities. Armenia has no extradition agreement with the Netherlands, so the Dutch law-enforcement agencies are considering the possibility of holding the trial in Armenia.
