Botnet of more than 17 million devices dismantled

Authorities in the Netherlands said they dismantled a botnet that comprised more than 17 million devices and was managed by 200 servers, in a joint operation by the police and the National Cyber Security Center (NCSC). The action, announced Thursday, came about after a security researcher reported the sprawling network to authorities. The hosting infrastructure was located in the Netherlands.

Used for criminal purposes

“The police then seized several botnet servers from a hosting provider for investigation,” the NCSC said. “The botnet was taken offline by the provider because it was used for criminal purposes.”

According to a report Thursday by the NL Times, the botnet was linked to ASOCKS, a Russia-based company that provides residential proxy services. These services cater to people and organizations who want to obscure their locations or identities by proxying their Internet traffic through third-party devices. Proxy services are often used for illicit or unethical purposes such as performing DDoS attacks, running botnet command-and-control servers, operating phishing campaigns, and scraping website content.

Ars was unable to independently confirm the NL Times report, but the NCSC's own posts are consistent with it. Thursday’s NCSC post linked to a separate post that the NCSC published a day earlier, and that post was in turn updated to add a link to Thursday’s post. Wednesday’s post, headlined “Residential proxies and their major impact on digital security in the Netherlands,” warned: “Residential proxies are used to maintain anonymity and circumvent geographical restrictions. In this way, a Dutch organization can be attacked with Dutch proxies that have similarities with ‘regular’ traffic, making cybercrime mitigation more difficult.”

In 2024, security firm Human said its researchers found evidence that a botnet named Proxylib was tied to ASOCKS. The evidence included (1) Proxylib-infected IP addresses and port numbers that were returned by an ASOCKS proxy-list endpoint and (2) requests made to asocks[.]com exiting through an infected test device. Twenty-eight apps available in Google Play had enrolled as many as 190,000 devices into the Russia-headquartered proxy network without user approval. Questions emailed to ASOCKS received no response.
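The two kinds of evidence Human described, and the defender-side check the NCSC's Wednesday post implies (inbound "regular-looking" traffic that is actually a listed residential proxy), come down to joining a proxy-list feed against your own observations. The script below is an added example of that correlation, not code from Human, Ars, the NCSC or ASOCKS; the `ip:port`-per-line feed format, the egress log format, the test-device details and every address in it are constructed for illustration.

```python
"""Correlate a residential-proxy list with device telemetry (added example).

Assumptions, all constructed for illustration: the proxy-list endpoint
returns one "ip:port" per line; the instrumented test device logs each
outbound connection as "<timestamp> dst=<host> port=<port>"; the device's
public IP and the ports the suspect app opened are known to the analyst.
"""
import ipaddress
import re

# Constructed proxy-list response. Includes two junk lines to show that the
# parser has to tolerate them rather than trusting the feed blindly.
PROXY_LIST_RESPONSE = """\
203.0.113.10:8080
203.0.113.10:8081
198.51.100.7:3128
192.0.2.44:1080
999.1.1.1:80
not a proxy entry
"""

# Constructed: the test device's public address and the listening ports the
# suspect app opened. Port 9000 is deliberately absent from the feed.
TEST_DEVICE = {"public_ip": "203.0.113.10", "listening_ports": {8080, 8081, 9000}}

# Constructed egress log from the test device (one malformed line included).
TEST_DEVICE_EGRESS = """\
2024-03-01T10:00:01Z dst=api.asocks.com port=443
2024-03-01T10:00:05Z dst=update.example.net port=443
malformed line
2024-03-01T10:00:09Z dst=cdn.example.org port=80
"""

# Operator domain as it would appear on the wire (the article defangs it as
# asocks[.]com); subdomains are matched too.
OPERATOR_DOMAINS = ("asocks.com",)

PROXY_RE = re.compile(r"^\s*(\S+):(\d{1,5})\s*$")
EGRESS_RE = re.compile(r"^(\S+)\s+dst=(\S+)\s+port=(\d{1,5})$")


def parse_proxy_list(text):
    """Return the set of (ip, port) pairs in the feed, dropping unparseable
    lines, invalid IP literals and out-of-range ports."""
    endpoints = set()
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        if 0 < port < 65536:
            endpoints.add((ip, port))
    return endpoints


def parse_egress(text):
    """Return [(timestamp, dst_host, dst_port)] for well-formed log lines."""
    records = []
    for line in text.splitlines():
        m = EGRESS_RE.match(line)
        if m:
            records.append((m.group(1), m.group(2), int(m.group(3))))
    return records


def _matches_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def correlate_test_device(proxy_endpoints, device, egress_records,
                          operator_domains=OPERATOR_DOMAINS):
    """Evidence (1): which of the device's ip:port listeners the proxy feed
    advertises. Evidence (2): which egress connections went to the operator."""
    listed = {(device["public_ip"], p) for p in device["listening_ports"]} & proxy_endpoints
    operator_contacts = [r for r in egress_records
                         if any(_matches_domain(r[1], d) for d in operator_domains)]
    return listed, operator_contacts


def flag_proxy_sources(proxy_endpoints, inbound_ips):
    """Defender view: which source IPs seen hitting your service are listed
    proxy exits. Match on IP only; the feed's port is the proxy's listener,
    not the source port of traffic exiting through it."""
    proxy_ips = {ip for ip, _ in proxy_endpoints}
    return sorted(ip for ip in set(inbound_ips) if ip in proxy_ips)


if __name__ == "__main__":
    feed = parse_proxy_list(PROXY_LIST_RESPONSE)
    listed, contacts = correlate_test_device(feed, TEST_DEVICE, parse_egress(TEST_DEVICE_EGRESS))
    print("device listeners advertised by the feed:", sorted(listed))
    print("egress to operator domains:", contacts)
    print("inbound IPs that are listed proxies:",
          flag_proxy_sources(feed, ["198.51.100.7", "192.0.2.200", "192.0.2.44"]))
```

Both correlations are only as good as the feed snapshot: residential proxy pools churn quickly, so a negative match on stale data proves little, and an analyst would re-query the endpoint around the time of the observation.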

It’s unclear how the 17 million devices controlled by the botnet taken down by the Dutch police came to be enrolled. Devices are often pulled into such networks through exploited software vulnerabilities or through the installation of malicious apps. Some apps disclose the proxy behavior, often in small or obscured print; others disclose the proxy arrangement outright.

People who want to prevent their devices from being swept into botnets should install security updates in a timely manner and resist the urge to continue using software or devices that no longer receive them. People should carefully research apps before installing them, and install them only when they provide a true benefit. Apps should be uninstalled when they’re no longer needed.