
Microsoft and Symantec take down Bamital botnet that had ensnared thousands of PCs

07 Feb 2013

Microsoft and Symantec claim to have successfully shut down the so-called Bamital botnet, ending a global cybercrime operation involving hundreds of thousands of infected PCs.

The two companies confirmed law enforcement agencies had raided a number of datacentres hosting the botnet's servers.

The Bamital botnet intercepted victims' requests from search engines like Google, Yahoo and Bing and redirected them to a number of malicious websites.

"Bamital is a malware family whose primary purpose is to hijack search engine results. In addition, Bamital generates non-user initiated network traffic, such as visits to websites and clicks on advertisements, with no user interaction," Symantec reported.

As well as its money-generating click fraud campaign, the botnet's authors are also believed to have used Bamital to spread other malware.

"Monitoring a single Bamital command-and-control (C&C) server over a six-week period in 2011 revealed over 1.8 million unique IP addresses communicating with the server, and an average of three million clicks being hijacked on a daily basis," Symantec claimed.

"The hijacking of clicks and subsequent redirection has led users to even more malware, including fake antivirus programs."

At its height, the malware is estimated to have infected over eight million Windows PCs and generated in excess of £700,000 per year for its authors.

Bamital was mainly spread via a Windows software app, though it has also been infecting machines via infected websites.

Symantec and Microsoft both claim the takedown operation has severed the cyber crooks' connection to Bamital-infected computers.

The takedown happened after a US court granted Microsoft permission to seize servers associated with controlling the botnet from web-hosting facilities in Virginia and New Jersey on 6 February.

Microsoft has also begun alerting the owners of computers infected with Bamital: when they run a web search, they are forwarded to an official Microsoft and Symantec webpage that alerts them to the problem.

However, security vendors warned the malware's authors may well return in the very near future.

"Anything which makes life more difficult for the cybercriminals, and disrupts their activities, has to be applauded," Sophos senior security consultant Graham Cluley told V3.

"The most important thing will be to bring those who write the malware, sell the malware, buy the malware, or profit from its use to justice. Unless the people behind Bamital and other malware operations are brought to book, the crime is just going to continue."

F-Secure researcher Sean Sullivan said that while the crooks may return, the takedown is still a big victory for the security industry.

"It's always good to see collaboration such as this. And even if the crooks return - it's the right thing to do. Legal takedown projects like this one are very time and resource consuming. So, kudos to Symantec (and the other parties) for taking it on," Sullivan told V3.

Microsoft has a strong track record of working to take down botnets such as Kelihos, which it took offline in 2011.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
