On Oct’25, Netherlands authorities took action against Win32/Bredolab botnets and the person(s) who may be responsible for this threat, as part of an investigation codenamed TOLLING, project named TAURUS. Note that Bredolab isn’t a single botnet; rather, there are numerous Bredolab botnets deployed, each with a distinct set of masters.
As you can see from the chart below, following takedown and other response actions (such as the inclusion of a threat family in MSRT). As with many other botnets, Win32/Bredolab can be removed with MSRT as well as with other antimalware products such as Microsoft Security Essentials and the Forefront family of products.
What’s important to note is that taking or wresting control of a botnet’s infrastructure is not, by itself, a complete solution: not only are there still infected machines, but the parties behind the threat also retain the ability to continue distributing new instances of the threat. It’s the combination of technical and legal approaches that seems to have the greatest positive effect.