A botnet that was believed to have illegally infected somewhere between 300,000 and 8 million machines and was raking in an estimated $1 million a year has been shut down by security experts. The Bamital botnet was shut down when teams working with Microsoft and Symantec anti-virus specialists raided several data centres in the US. Microsoft and Symantec claim that the computers infected by the Bamital botnet were being used illegally for identity theft. Thousands of affected users have been offered free tools to help to clean up infected machines.
A botnet is a network of computers that have been infected by a virus, allowing hi-tech criminals to control them remotely. Botnets are an increasing problem for anti-virus and security firms and computer users alike. Unlike other types of virus, botnet malware can often operate without having a noticeable effect on the machine in question, meaning users are generally unaware their machine has been infected.
The Bamital botnet worked by hijacking user searches and by tricking users into clicking on links in online advertisements. Bamital also had the ability to use the infected computers to “recruit” other machines into the network. By the time the Bamital botnet was shut down, Microsoft and Symantec believed anywhere between 300,000 and one million machines may have been actively infected.
To combat the botnet, Microsoft and Symantec temporarily disabled infected users’ ability to search the web. What these users saw when they logged on was a warning screen explaining the problem, and advice on how to solve it.
Speaking to the Reuters news agency, Microsoft spokesman Richard Boscovich claimed that action against this botnet was long overdue:
“In the last two years, more than eight million computers have been attacked by Bamital. The botnet’s search hijacking and click fraud schemes affected many major search engines and browsers, including those offered by Microsoft, Yahoo and Google.”
“Because this threat exploited the search and online advertising platform to harm innocent people, Microsoft and Symantec chose to take action against the Bamital botnet to help protect people and advance cloud security for everyone.”
“Microsoft is also using the intelligence gathered in this operation to work with internet service providers and computer emergency response teams to help victims regain control of their computers. We think we got everything but time will tell,” Mr Boscovich said.
Since 2010, Microsoft has obtained court orders to shut down botnets as part of a wide-ranging operation known as Project Mars – Microsoft Active Response for Security. Microsoft works with US law enforcers to gather evidence on those behind the activity. Eighteen ringleaders of the Bamital botnet have so far been identified: they were believed to be based in several countries, including the UK, Australia and the US.