
Microsoft and Symantec take down Bamital botnet that had ensnared thousands of PCs

07 Feb 2013

Microsoft and Symantec claim to have successfully shut down the so-called Bamital botnet, ending a global cybercrime operation involving hundreds of thousands of infected PCs.

The two companies confirmed law enforcement agencies had raided a number of datacentres hosting the botnet's servers.

The Bamital botnet intercepted victims' requests from search engines like Google, Yahoo and Bing and redirected them to a number of malicious websites.

"Bamital is a malware family whose primary purpose is to hijack search engine results. In addition, Bamital generates non-user initiated network traffic, such as visits to websites and clicks on advertisements, with no user interaction," Symantec reported.

As well as running a money-generating click fraud campaign, the botnet's authors are also believed to have used Bamital to spread other malware.

"Monitoring a single Bamital command-and-control (C&C) server over a six-week period in 2011 revealed over 1.8 million unique IP addresses communicating with the server, and an average of three million clicks being hijacked on a daily basis," Symantec claimed.

"The hijacking of clicks and subsequent redirection has led users to even more malware, including fake antivirus programs."

At its height, the malware is estimated to have infected over eight million Windows PCs and to have generated in excess of £700,000 per year for its authors.

Bamital was mainly spread via a Windows software app, though it also infected machines via compromised websites.

Symantec and Microsoft both claim the takedown operation has severed the cyber crooks' connection to Bamital-infected computers.

The takedown happened after a US court granted Microsoft permission to seize servers associated with controlling the botnet from web-hosting facilities in Virginia and New Jersey on 6 February.

Microsoft has also begun alerting the owners of computers infected with Bamital: when they perform a web search, they are now forwarded to an official Microsoft and Symantec webpage alerting them to the problem.

However, security vendors warned the malware's authors may well return in the very near future.

"Anything which makes life more difficult for the cybercriminals, and disrupts their activities, has to be applauded," Sophos senior security consultant Graham Cluley told V3.

"The most important thing will be to bring those who write the malware, sell the malware, buy the malware, or profit from its use to justice. Unless the people behind Bamital and other malware operations are brought to book, the crime is just going to continue."

F-Secure researcher Sean Sullivan said that while the crooks may return, the takedown is still a big victory for the security industry.

"It's always good to see collaboration such as this. And even if the crooks return - it's the right thing to do. Legal takedown projects like this one are very time and resource consuming. So, kudos to Symantec (and the other parties) for taking it on," Sullivan told V3.

Microsoft has a strong track record of working to take down botnets, such as Kelihos, which it took offline in 2011.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
