Microsoft and Symantec take down Bamital botnet that had ensnared thousands of PCs

07 Feb 2013

Microsoft and Symantec claim to have successfully shut down the so-called Bamital botnet, ending a global cybercrime operation involving hundreds of thousands of infected PCs.

The two companies confirmed law enforcement agencies had raided a number of datacentres hosting the botnet's servers.

The Bamital botnet intercepted victims' requests to search engines such as Google, Yahoo and Bing and redirected them to a number of malicious websites.

"Bamital is a malware family whose primary purpose is to hijack search engine results. In addition, Bamital generates non-user initiated network traffic, such as visits to websites and clicks on advertisements, with no user interaction," Symantec reported.

As well as running a money-generating click fraud campaign, the botnet's operators are also believed to have used Bamital to spread other malware.

"Monitoring a single Bamital command-and-control (C&C) server over a six-week period in 2011 revealed over 1.8 million unique IP addresses communicating with the server, and an average of three million clicks being hijacked on a daily basis," Symantec claimed.

"The hijacking of clicks and subsequent redirection has led users to even more malware, including fake antivirus programs."

At its height, the malware is estimated to have infected over eight million Windows PCs and generated its authors in excess of £700,000 per year.

Bamital was mainly spread via a Windows software app, though it also infected machines via compromised websites.

Symantec and Microsoft both claim the takedown operation has severed the cyber crooks' connection to Bamital-infected computers.

The takedown happened after a US court granted Microsoft permission to seize servers associated with controlling the botnet from web-hosting facilities in Virginia and New Jersey on 6 February.

Microsoft has also begun alerting the owners of computers infected with Bamital: when they perform a web search, they are forwarded to an official Microsoft and Symantec webpage that alerts them to the infection.

However, security vendors warned the malware's authors may well return in the very near future.

"Anything which makes life more difficult for the cybercriminals, and disrupts their activities, has to be applauded," Sophos senior security consultant Graham Cluley told V3.

"The most important thing will be to bring those who write the malware, sell the malware, buy the malware, or profit from its use to justice. Unless the people behind Bamital and other malware operations are brought to book, the crime is just going to continue."

F-Secure researcher Sean Sullivan said that while the crooks may return, the takedown is still a big victory for the security industry.

"It's always good to see collaboration such as this. And even if the crooks return - it's the right thing to do. Legal takedown projects like this one are very time and resource consuming. So, kudos to Symantec (and the other parties) for taking it on," Sullivan told V3.

Microsoft has a strong track record of working to take down botnets, such as Kelihos, which it took offline in 2011.

Alastair Stevenson
Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
