Microsoft and Symantec say they have successfully shut down the so-called Bamital botnet, ending a global cybercrime operation that involved hundreds of thousands of infected PCs.
The two companies confirmed law enforcement agencies had raided a number of datacentres hosting the botnet's servers.
The Bamital malware intercepted victims' search requests to engines such as Google, Yahoo and Bing and redirected the results to a number of malicious websites.
"Bamital is a malware family whose primary purpose is to hijack search engine results. In addition, Bamital generates non-user-initiated network traffic, such as visits to websites and clicks on advertisements, with no user interaction," Symantec reported.
As well as running the money-generating click fraud campaign, the botnet's authors are also believed to have used Bamital to spread other malware.
"Monitoring a single Bamital command-and-control (C&C) server over a six-week period in 2011 revealed over 1.8 million unique IP addresses communicating with the server, and an average of three million clicks being hijacked on a daily basis," Symantec claimed.
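The figures Symantec cites above (unique client IPs over a monitoring window, hijacked clicks per day) are the kind of metrics a defender derives from sinkhole or C&C traffic logs. The script below is an added example, not Symantec's or Microsoft's code; the log line format, the hostnames and the sample records are all constructed for illustration. It counts a record as a hijack only when a request to a known search engine was redirected somewhere else, skips malformed lines, and reports unique IPs, per-day hijack counts and the daily average.

```python
"""Summarise constructed sinkhole log lines into the metrics quoted in the
Bamital coverage: unique client IPs and hijacked clicks per day.
Added example; the log format below is an assumption, not a real C&C format."""
from collections import defaultdict
from datetime import datetime

# Assumed line format: "<ISO timestamp> <client ip> <requested host> <redirect host>"
SEARCH_ENGINES = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Constructed sample data (documentation-range IPs, invented hostnames).
SAMPLE_LOG = """\
2011-06-01T08:00:01Z 203.0.113.10 www.google.com ad-redirect.example
2011-06-01T08:00:05Z 203.0.113.10 www.bing.com ad-redirect.example
2011-06-01T09:15:22Z 198.51.100.7 search.yahoo.com fake-av.example
2011-06-01T09:16:00Z 198.51.100.7 www.google.com www.google.com
2011-06-02T10:02:00Z 203.0.113.10 www.google.com ad-redirect.example
2011-06-02T11:45:13Z 192.0.2.44 www.bing.com ad-redirect.example
2011-06-02T11:45:14Z 192.0.2.44 www.bing.com ad-redirect.example
this line is malformed and must be skipped
"""


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, ip, requested, redirected = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return {"when": when, "ip": ip, "requested": requested, "redirected": redirected}


def is_hijack(rec):
    """A hijack is a search-engine request that was sent to a non-search host."""
    return rec["requested"] in SEARCH_ENGINES and rec["redirected"] not in SEARCH_ENGINES


def summarize(log_text):
    """Compute unique client IPs, hijacks per day, daily average and redirect targets."""
    unique_ips = set()
    clicks_per_day = defaultdict(int)
    redirect_targets = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_hijack(rec):
            continue
        unique_ips.add(rec["ip"])
        clicks_per_day[rec["when"].date().isoformat()] += 1
        redirect_targets[rec["redirected"]] += 1
    days = len(clicks_per_day)
    avg = sum(clicks_per_day.values()) / days if days else 0.0
    return {
        "unique_ips": len(unique_ips),
        "clicks_per_day": dict(clicks_per_day),
        "avg_daily_clicks": avg,
        "redirect_targets": dict(redirect_targets),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The redirect-target tally is what tells an analyst which fraud or malware landing hosts a sinkhole should also block; the unique-IP count is the rough victim population figure quoted in reports like Symantec's, and it undercounts NATed networks and overcounts hosts with changing addresses.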
"The hijacking of clicks and subsequent redirection has led users to even more malware, including fake antivirus programs."
At its height, the malware is estimated to have infected over eight million Windows PCs and to have earned its authors in excess of £700,000 per year.
Bamital was mainly spread bundled with Windows software downloads, though it has also infected machines through compromised websites.
Symantec and Microsoft both claim the takedown operation has severed the cyber crooks' connection to Bamital-infected computers.
The takedown happened after a US court granted Microsoft permission to seize servers associated with controlling the botnet from web-hosting facilities in Virginia and New Jersey on 6 February.
Microsoft has also begun alerting the owners of computers infected with Bamital: when an infected machine performs a web search it is now redirected to an official Microsoft and Symantec webpage alerting the user to the infection.
However, security vendors warned the malware's authors may well return in the very near future.
"Anything which makes life more difficult for the cybercriminals, and disrupts their activities, has to be applauded," Sophos senior security consultant Graham Cluley told V3.
"The most important thing will be to bring those who write the malware, sell the malware, buy the malware, or profit from its use to justice. Unless the people behind Bamital and other malware operations are brought to book, the crime is just going to continue."
F-Secure researcher Sean Sullivan said that while the crooks may return, the takedown is still a big victory for the security industry.
"It's always good to see collaboration such as this. And even if the crooks return - it's the right thing to do. Legal takedown projects like this one are very time and resource consuming. So, kudos to Symantec (and the other parties) for taking it on," Sullivan told V3.
Microsoft has a strong track record of working to take down botnets, such as Kelihos, which it took offline in 2011.