Microsoft and Symantec take down Bamital botnet that had ensnared thousands of PCs

07 Feb 2013
Microsoft and Symantec claim to have successfully shut down the so-called Bamital botnet, ending a global cybercrime operation involving hundreds of thousands of infected PCs.

The two companies confirmed law enforcement agencies had raided a number of datacentres hosting the botnet's servers.

The Bamital botnet intercepted victims' requests to search engines such as Google, Yahoo and Bing and redirected them to a number of malicious websites.

"Bamital is a malware family whose primary purpose is to hijack search engine results. In addition, Bamital generates non-user initiated network traffic, such as visits to websites and clicks on advertisements, with no user interaction," Symantec reported.

As well as its money-generating click fraud campaign, the botnet's authors are also believed to have used Bamital to spread other malware.

"Monitoring a single Bamital command-and-control (C&C) server over a six-week period in 2011 revealed over 1.8 million unique IP addresses communicating with the server, and an average of three million clicks being hijacked on a daily basis," Symantec claimed.

"The hijacking of clicks and subsequent redirection has led users to even more malware, including fake antivirus programs."

At its height, the malware is estimated to have infected over eight million Windows PCs and generated its authors in excess of £700,000 per year.

Bamital was mainly spread via a Windows software application, though it also infected machines through compromised websites.

Symantec and Microsoft both claim the takedown operation has severed the cyber crooks' connection to Bamital-infected computers.

The takedown happened after a US court granted Microsoft permission to seize servers associated with controlling the botnet from web-hosting facilities in Virginia and New Jersey on 6 February.

Microsoft has also begun alerting the owners of computers infected with Bamital: when they perform a web search they are now forwarded to an official Microsoft and Symantec webpage alerting them to the problem.

However, security vendors warned the malware's authors may well return in the very near future.

"Anything which makes life more difficult for the cybercriminals, and disrupts their activities, has to be applauded," Sophos senior security consultant Graham Cluley told V3.

"The most important thing will be to bring those who write the malware, sell the malware, buy the malware, or profit from its use to justice. Unless the people behind Bamital and other malware operations are brought to book, the crime is just going to continue."

F-Secure researcher Sean Sullivan said that while the crooks may return, the takedown is still a big victory for the security industry.

"It's always good to see collaboration such as this. And even if the crooks return - it's the right thing to do. Legal takedown projects like this one are very time and resource consuming. So, kudos to Symantec (and the other parties) for taking it on," Sullivan told V3.

Microsoft has a strong track record of working to take down botnets, such as Kelihos, which it took offline in 2011.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
