Microsoft and Symantec have shut down the Bamital botnet, after obtaining a court order
to seize the network's controlling servers. The network, dedicated to redirecting users of computers infected with malware to incorrect search results and online advertisements, is estimated to have earned around $1 million per year for it's operators.
The raid on servers in a data center located in Virginia was followed by the data center's parent company taking down a second set of servers in the Netherlands, reports Reuters
, and is the sixth botnet take-down performed by Microsoft since 2010 that required a court order.
Malware for the botnet operated by hijacking search results being shown to users, taking them to malware-infected sites instead of the intended destination. An example given by Richard Domingues Boscovich, assistant general counsel for Microsoft's digital crimes unit, in a company blog post
sees a search for "Nickelodeon" offering results to one such site that distributed malware and spyware, effectively making the vulnerable computer even more vulnerable, while a link that would usually take visitors to an official Norton Internet Security page instead took visitors to one for a rogue antivirus download.
The takedown allowed Microsoft and Symantec to be in a position where the two companies could actually warn owners of machines involved in the botnet. Infected machines will now redirect to a dedicated webpage hosted by Microsoft that explains how to remove the malware, including providing links to online tools to remove and further protect the system in future.
Before the Bamital botnet takedown, believed to be affecting between 300,000 and 1 million machines, Microsoft has taken action against the Chinese 3322.org
botnet, the spam-focused Kelihos
botnet, and also turning evidence of the Rustock
botnet case over to the FBI.