Russian Spammer Gets Four Years for Bad Behavior

Nothing’s quite as satisfying as when a badly behaved child gets a time out for throwing a temper tantrum, if for no other reason than it silences the kid and gives you a much-needed opportunity to hear your own thoughts. The cyberworld equivalent of that metaphor is when a cyberbrat gets sent to a corner for creating way too much noise in our inboxes. Such is the case for the 27 year old creator of a nasty botnet, who last week got sent to the corner for four years so he could think about his bad behavior.

Georgi Avanesov, the creator of the Bredolab botnet, was sentenced to four years in Armenian prison on Tuesday. Arrested in 2010, Mr. Avanesov designed his botnet to grow through a variety of means, including both automated attacks and spam emails. At its high point, Bredolab was sending more than three million spam emails a day and netted Mr. Avenesov about 100,000 euros ($125,000) a month in revenues. Bredolab is estimated to have created more than 30 million zombies around the globe.

Bredolab, according to prosecutors, was created in Armenia in early 2009. Utilizing servers in France and Holland to spread globally, the first instances of the Trojan being served up by Bredolab were discovered in May 2009, although Bredolab didn’t really catch a lot of attention until August of that year, when a major surge in the botnet’s activity occurred.

According to Wired Magazine, his ill-gotten gains were primarily from “renting out access to compromised computers in his botnet so that criminals could use them to spread other malware, send out spam, or use them to conduct distributed denial-of-service attacks.”

As a result of Mr. Avanesov’s enterprising nature, Bredolab was a major headache in all sorts of ways, from e-mail spam to malware and scareware.

After being arrested, Avanesov fessed up to creating Bredolab, but in an ‘I don’t give a crap’ moment, he tried to garner sympathy when he told the police that he had no idea what the software was being used for. He just made it available to others, he argued, without any knowledge of criminal intent or usage.

“Georgi Avanesov did not know anyone [involved in cyber crime] and did not intend to deliberately harm anyone,” his lawyer, Gengam Hakobian, told the Armenian newspaper Aravot.

Let’s all take a moment to feel sorry for Mr. Avanesov. A microsecond should do nicely.

In 2010, Dutch authorities seized about 143 C & C servers and began to trace it back to Avanesov as they dismantled it. He was arrested the day after at Zvartnots International Airport in Yerevan, Armenia, flying in from Moscow.

According to PC Advisor, in addition to the charge of computer sabotage, Avanesov was also charged with “altering information stored on a computer system through means of unauthorized access, stealing computer data, creating hacking software with the intention of selling it and distributing malicious software,” although these charges were later dropped and the court only found Avanesov guilty of computer sabotage.

Although Dutch authorities were largely successful in dismantling Bredolab, a few command nodes still exist, and even though the botnet only served up three million spam emails a day during its lifespan, it was capable of serving 3.6 billion emails a day.

This is the first time Armenia has convicted a computer criminal for computer crimes, and here’s hoping it’s not the last.

Written by Malcolm James


  1. Don Kamura · May 29, 2012

    Too much greed puts anyone in a spotlight. If the botnet activity did not increase, it would be probable that he could still operate until now. Geez, he was making a lot of money already. Why want more? You really can’t satisfy the insatiable human greed. Indeed, oftentimes our own enemy is ourselves.

    But, please, throw out the ignoramus plea. If you are brilliant enough to have created it, you would know what it would be used for. So, no, sorry. I, for one, don’t believe your defense. And it neither did the court which convicted this guy. So, who’s next?

  2. Lauren Ayers · May 29, 2012

    He had no idea what people were doing with his botnet? Really? That’s like starting a “Getaway Car Service” and thinking that by not asking any questions you aren’t involved in the crime. He deserves his punishment and hopefully he learns his lesson in the slammer.

  3. Jessica Craig · May 30, 2012

    Music to my years! Every major spammer behind bars is good news! Too bad the void is quickly filled by somebody else but silence from spammers, even temporarily, is always good! It so nice to see that a spammer can be sentenced for his crimes. :)

  4. Daniella Montes · May 31, 2012

    Just four years? That time can easily go by, you know. Lawmakers and regulators need to make it more painful for spammers to do their job.

    Come to think of it. How easy is it to choose between 1 million vs 4 years in jail? And getting that 4 years is even less probable than getting that 1 million. How many people are getting those sentences? Barely less than 20, I think. And how many people have already had millions from doing that illegal act? My confident guess would be more than a hundred.

    See how inadequate our legislations are against these things. Time to dial up our congressmen!

  5. Kenn · February 21, 2013

    @Daniella Montes – 4 years in an Armenian prison is probably worth 16 years in the Hilton Hotels we call prisons in the US. He probably won’t even survive his term. If he does, he will have Hep C, be emaciated and a hollow shell of his old self. 4 years is probably sufficient!

Leave A Reply