Microsoft and Symantec have struck a blow at cyber criminals after taking down their command and control servers
Technicians from both Microsoft and Symantec, in the company of US Marshals, raided data centres New Jersey and Virginia, and took down the servers that controlled the Bamital botnet.
“Today we are pleased to announce the successful takedown of the Bamital botnet,” wrote Symantec on a corporate blog posting. “Symantec has been tracking this botnet since late 2009 and recently partnered with Microsoft to identify and shut down all known components vital to the botnet’s operation.”
It explained that Bamital was a Trojan that infected millions of computers worldwide. The Trojan acts by modifying search results and redirecting infected users to advertisement links.
“Bamital is a malware family whose primary purpose is to hijack search engine results, redirecting clicks on these results to an attacker controlled command-and-control (C&C) server,” said Symantec. “The C&C server redirects these search results to websites of the attackers’ choosing. Bamital also has the ability to click on advertisements without user interaction. This results in poor user experience when using search engines along with an increased risk of further malware infections.”
Meanwhile Microsoft revealed that all major search engines had been affected by the botnet, including Google, Bing and Yahoo.
“Microsoft and Symantec’s research shows that in the last two years, more than eight million computers have been attacked by Bamital, and that the botnet’s search hijacking and click fraud schemes affected many major search engines and browsers, including those offered by Microsoft, Yahoo and Google,” wrote Richard Domigues Boscovich, Assistant General Counsel, at Microsoft Digital Crimes Unit, in a blog post.
“Because this threat exploited the search and online advertising platform to harm innocent people, Microsoft and Symantec chose to take action against the Bamital botnet to help protect people and advance cloud security for everyone,” wrote Microsoft’s Boscovich.
Both companies have been ‘proactively’ informing users if their computers were infected. And Microsoft revealed that this is the sixth botnet that Redmond has shut down in the past three years, and the second done in cooperation with Symantec.
Microsoft has been one of the most active anti-botnet forces in the IT industry in recent years.
In 2011 for example it seized several command and control servers being used to run the Rustock malicious network, which was responsible for sending out billions of spam emails every day at its peak.
How well do you know Microsoft? Try our quiz and find out!