Microsoft and Symantec have finally disrupted a global cyber crime operation by taking down the servers which controlled the Bamital botnet. Microsoft explained that the move made it temporarily impossible for infected computers across the globe to search the Internet. In the meantime, both software giants offered free tools to clean computers through messages which were automatically pushed out to infected PCs.
After obtaining a court order, corporate techies from both outfits raided data centres in New Jersey and Virginia, together with American federal marshals. According to Richard Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit, the specialists of both companies took control of one server in New Jersey and managed to persuade the operators of the Virginia data centre to close down a server at their parent company in the Netherlands.
The software giants estimate that there are between 300,000 and 1,000,000 computers infected with malicious Bamital software across the globe. The botnet hijacked search results and engaged in other schemes which Microsoft said fraudulently charge businesses for Internet advertisement clicks. In addition, its owners could take control of infected computers, install other types of malware which could engage in identity theft, and recruit computers into networks which attack sites.
Now that the botnet has been shut down, owners of infected computers who try to search the Internet are directed to a website informing them that their PCs are infected with malicious software.
Microsoft noted that this is the sixth time since 2010 that the company has obtained a court order to disrupt a botnet. This one was a bit smaller than its previous takedowns. Symantec, the security software developer, approached Microsoft almost a year ago, asking it to cooperate in attempts to take down the Bamital operation. Once the servers can be analysed, Symantec will learn more about the size of the operation.
The security experts believed that the ringleaders were scattered all over the globe, with the people behind the operation believed to originate from Russia, Romania, the UK, the US and Australia. The servers were registered under bogus names, and Bamital redirected search results from Google, Yahoo and Bing to websites with which the creators of the botnet had financial relationships.