A botnet called Ramnit that infected thousands of computers across Europe, and stole reams of financial information, has been taken offline after a cross-industry campaign led by Europol's European Cybercrime Centre (EC3).
EC3 worked with Microsoft, Symantec and law enforcement agencies, including the UK’s National Crime Agency (NCA), to shut down the servers controlling the botnet. One was located in Gosport, Hampshire.
The Ramnit botnet spread malware via seemingly trustworthy links sent in phishing emails or messages posted on social networking websites, the NCA explained.
The malware was installed when people running Windows operating systems clicked on the links.
The machines were then under the control of criminals who were able to access personal or banking information, steal passwords and disable antivirus protection.
It is believed that over three million computers worldwide were infected with Ramnit, 33,000 of them in the UK. The malware has mostly been used to take money from bank accounts.
Symantec said that Ramnit had expanded in scope since 2011 when criminals began adding other elements to the payload, mostly taken from the Zeus trojan after its source code was leaked online in 2011.
“Over time the malware has evolved as its controllers appeared to shift their focus from building the botnet to exploiting it," Symantec said in a blog post.
"The most recent version of Ramnit (W32.Ramnit.B) has abandoned the file infection routine in favour of a range of alternative infection methods."
Symantec said that the majority of the 3.2 million computers worldwide that have been infected by Ramnit are in India, Indonesia and Vietnam.
Steve Pye, from the NCA’s National Cyber Crime Unit, said the takedown showed that industry efforts to disrupt criminal gangs online are paying off.
“Through this operation, we are disrupting a cybercrime threat which has left thousands of ordinary computer users in the UK at risk of having their privacy and personal information compromised,” he said.
“This malware effectively gives criminals a back door so they can take control of your computer, access your images, passwords or personal data and even use it to circulate further spam messages or launch illegal attacks on other websites.
Wil van Gemert, Europol's deputy director of operations, said that the takedown is the latest example of the success that international cooperation between private and public sector organisations is having against online cyber criminals.
“We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to conduct a variety of cybercrimes," he said.
"Together with the EU Member States and partners around the globe, our aim is to protect people around the world against these criminal activities."
The NCA urged people to use the closure of the botnet as an opportunity to check whether their computers are affected and have them cleared of the malware if they are.
Microsoft seizes control of phishing sites linked with Russian state hackers
Fitness trackers over-estimate the number of steps their users take, analysis of 67 research reports suggests
Everything we think we know about the imminent Apple iPhone 9, iPhone 11 and iPhone 11 Plus launches
All the latest rumours about Apple iPhone Displays, CPUs, launch dates and even prices
Nvidia brings Turing microarchitecture into the high-end gaming segment