Microsoft and Symantec strangle botnet

Stefan Mileschin · 8th February 2013, 06:37

Microsoft and Symantec have disrupted a global cybercrime operation by shutting down servers that controlled the Bamital botnet.

According to the Microsoft bog, the move made it temporarily impossible for infected PCs around the world to search the web, and both companies offered free tools to clean machines through messages that were automatically pushed out to infected computers.

Using a court order, corporate techies from both outfits raided data centres in Weehawken, New Jersey, and Manassas, Virginia, accompanied by US federal marshals.

Richard Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, said that the techies took control of one server at the New Jersey facility and persuaded the operators of the Virginia data centre to take down a server at their parent company in the Netherlands.

Microsoft and Symantec estimate there are between 300,000 and a million PCs infected with malicious Bamital software.

Bamital hijacked search results and engaged in other schemes that the companies said fraudulently charge businesses for online advertisement clicks.

Its owners could take control of infected PCs, installing other types of computer viruses that could engage in identity theft, recruit PCs into networks that attack websites.

Now that the servers have been shut down, users of infected PCs will be directed to a site informing them that their machines are infected with malicious software when they attempt to search the web.

This is the sixth time that Microsoft has obtained a court order to disrupt a botnet since 2010 this one was a little smaller than its previous take downs.

Symantec approached Microsoft about a year ago, asking the maker of Windows software to collaborate in trying to take down the Bamital operation. Once the servers can be analysed it will learn more about the size of the operation.

It was believed that the ringleaders were scattered all over the world. Some of the people behind it are believed to be from Russia, Romania, Britain, the United States and Australia. They registered the servers using bogus names.

Bamital redirected search results from Google, Yahoo and Microsoft's Bing search engines to sites with which the authors of the botnet have financial relationships.

http://news.techeye.net/security/mic...trangle-botnet

8th February 2013, 06:37	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,652	Microsoft and Symantec strangle botnet Microsoft and Symantec have disrupted a global cybercrime operation by shutting down servers that controlled the Bamital botnet. According to the Microsoft bog, the move made it temporarily impossible for infected PCs around the world to search the web, and both companies offered free tools to clean machines through messages that were automatically pushed out to infected computers. Using a court order, corporate techies from both outfits raided data centres in Weehawken, New Jersey, and Manassas, Virginia, accompanied by US federal marshals. Richard Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, said that the techies took control of one server at the New Jersey facility and persuaded the operators of the Virginia data centre to take down a server at their parent company in the Netherlands. Microsoft and Symantec estimate there are between 300,000 and a million PCs infected with malicious Bamital software. Bamital hijacked search results and engaged in other schemes that the companies said fraudulently charge businesses for online advertisement clicks. Its owners could take control of infected PCs, installing other types of computer viruses that could engage in identity theft, recruit PCs into networks that attack websites. Now that the servers have been shut down, users of infected PCs will be directed to a site informing them that their machines are infected with malicious software when they attempt to search the web. This is the sixth time that Microsoft has obtained a court order to disrupt a botnet since 2010 this one was a little smaller than its previous take downs. Symantec approached Microsoft about a year ago, asking the maker of Windows software to collaborate in trying to take down the Bamital operation. Once the servers can be analysed it will learn more about the size of the operation. It was believed that the ringleaders were scattered all over the world. Some of the people behind it are believed to be from Russia, Romania, Britain, the United States and Australia. They registered the servers using bogus names. Bamital redirected search results from Google, Yahoo and Microsoft's Bing search engines to sites with which the authors of the botnet have financial relationships. http://news.techeye.net/security/mic...trangle-botnet

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Security alliance kills Grum botnet	Stefan Mileschin	WebNews	0	23rd July 2012 07:17
White House announces anti-botnet initiative	Stefan Mileschin	WebNews	0	31st May 2012 09:07
More Than 600,000 Macs Infected With Flashback Botnet	Stefan Mileschin	WebNews	0	6th April 2012 06:55
Pirated Windows 7 Builds Botnet with Trojan	jmke	WebNews	0	13th May 2009 22:23
Botnet master hits the kill switch, takes down 100,000 PCs	jmke	WebNews	0	9th May 2009 00:40
Symantec finds flaws with Vista	jmke	WebNews	0	18th July 2006 23:38
Symantec Posts Fix To Vulnerability	jmke	WebNews	0	29th May 2006 09:42
Symantec buys Veritas for $13.5bn stock	jmke	WebNews	0	16th December 2004 16:07