Microsoft, Symantec Take Down Botnet

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More .

Microsoft and Symantec believe they have shut down the so-called Bamital botnet. Experts believe the botnet may have infected as many as 8 million systems and that it earned millions of dollars for its creators.

Ars Technica’s Sean Gallagher reported, “A botnet that redirected clicks from millions of PCs has been shut down by Microsoft and Symantec, at least for the moment. Based on the fraudulent traffic generated by the Bamital botnet, the two companies estimate that its operators netted more than $1 million a year by redirecting unsuspecting computer users to websites they didn’t intend to go, cashing in on the traffic with online advertising networks.”

Alastair Stevenson with V3.co.uk explained, “The Bamital botnet intercepted victims’ requests from search engines like Google, Yahoo and Bing and redirected them to a number of malicious websites. ‘Bamital is a malware family whose primary purpose is to hijack search engine results. In addition, Bamital generates non-user initiated network traffic, such as visits to websites and clicks on advertisements, with no user interaction,’ Symantec reported.”

At Krebs on Security, Brian Krebs wrote, “The tech firms said their research shows that in the last two years, more than eight million computers have been attacked by Bamital… According to Microsoft’s lawsuit, Bamital is most often installed via drive-by downloads, which use exploit kits stitched into hacked and malicious Web sites. Microsoft said the bad guys behind the botnet exclusively used the Phoenix Exploit Kit, a malware tool that uses vulnerabilities in Web browsers to silently install malware.”

Jim Finkle with Reuters noted, “Technicians working on behalf of both companies raided data centers in Weehawken, New Jersey, and Manassas, Virginia, on Wednesday, accompanied by U.S. federal marshals, under an order issued by the U.S. District Court in Alexandria, Virginia. They seized control of one server at the New Jersey facility and persuaded the operators of the Virginia data center to take down a server at their parent company in the Netherlands, according to Richard Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit. Boscovich told Reuters that he had ‘a high degree of confidence’ that the operation had succeeded in bringing down the cyber crime operation, known as the Bamital botnet. ‘We think we got everything, but time will tell,’ he said.”