Brazilian Indicted For Operating Shadow Botnet

A Brazilian man alleged to have infected over 100,000 computers with malware was indicted in New Orleans on Thursday, the U.S. Department of Justice said.

Leni de Abreu Neto, 35, of Taubate, Brazil, has been charged with one count of conspiracy to cause damage to computers for his alleged role in running, and selling access to, an illegal botnet, known as the Shadow botnet.

A botnet is a network of computers that have been subverted using malware so that they can be controlled remotely, typically without the owner's knowledge. Botnets are a major source of spam, denial of service (DoS) attacks, and other malicious activity online.

The indictment against Neto alleges that he participated in a conspiracy to create and operate a botnet with Nordin Nasiri, 19, of Sneek, Netherlands. Dutch authorities are prosecuting Nasiri in the Netherlands; U.S. authorities have begun proceedings to extradite Neto to the U.S. for trial.

The Shadow botnet was created using Microsoft Windows Live Messenger instant messages that included links to malicious files. Rather the taking advantage of a software vulnerability, the botnet grew using social engineering -- IM recipients downloaded the malicious files willingly because the IM messages appeared to come from a known contact.

Kaspersky Lab, which has been helping Dutch authorities in the investigation, has posted information that explains how to remove Shadow bot malware.

According to the indictment, Neto arranged to sell the botnet on behalf of Nasiri for about 25,000 euros. He allegedly completed the transaction using ePassporte, an online payment system, on July 29, 2008.

Neto could receive as much as five years in prison and a fine of at least $250,000 if convicted.