Microsoft, Symantec take down central Bamital botnet servers
Microsoft and Symantec have shut down the Bamital botnet, after obtaining a court <a href="http://macnn.com/rd/278835==http://www.microsoft.com/en-us/news/download/blogs/2013/02-06SchmidtDecl.pdf" rel='nofollow'>order</a> to seize the network's controlling servers. The network, dedicated to redirecting users of computers infected with malware to incorrect search results and online advertisements, is estimated to have earned around $1 million per year for its operators.
The raid on servers in a data center located in Virginia was followed by the data center's parent company taking down a second set of servers in the Netherlands, <a href="http://macnn.com/rd/278836==http://www.reuters.com/article/2013/02/06/us-cybercrime-raid-idUSBRE91515K20130206" rel='nofollow' target="_self" title="">reports</a> <em>Reuters</em>. It is the sixth botnet take-down performed by Microsoft since 2010 that required a court order.
The botnet's malware operated by hijacking the search results shown to users, taking them to malware-infected sites instead of the intended destination. In an example given by Richard Domingues Boscovich, assistant general counsel for Microsoft's digital crimes unit, in a company blog <a href="http://macnn.com/rd/278837==http://blogs.technet.com/b/microsoft_blog/archive/2013/02/06/microsoft-and-symantec-take-down-bamital-botnet-that-hijacks-online-searches.aspx" rel='nofollow' target="_self" title="">post</a>, a search for "Nickelodeon" returned results leading to one such site that distributed malware and spyware, effectively making the vulnerable computer even more vulnerable, while a link that would usually take visitors to an official Norton Internet Security page instead took them to one for a rogue antivirus download.
The takedown put Microsoft and Symantec in a position to warn the owners of machines involved in the botnet. Infected machines will now redirect to a dedicated webpage hosted by Microsoft that explains how to remove the malware and provides links to online tools to remove it and further protect the system in future.
Before the takedown of the Bamital botnet, believed to be affecting between 300,000 and 1 million machines, Microsoft had taken action against the <a href="http://macnn.com/rd/278838==http://www.electronista.com/articles/12/09/14/hundreds.of.strains.of.malware.hosted.on.70000.domains/" rel='nofollow' target="_self" title="">Chinese 3322.org</a> botnet and the spam-focused <a href="http://macnn.com/rd/278839==http://www.electronista.com/articles/11/09/27/botnet.accused.of.running.macdefender.scam/" rel='nofollow' target="_self" title="">Kelihos</a> botnet, and had also turned evidence from the <a href="http://macnn.com/rd/278840==http://www.electronista.com/articles/11/09/22/fbi.gets.microsoft.evidence.in.spammer.case/" rel='nofollow' target="_self" title="">Rustock</a> botnet case over to the FBI.