Myce.com Latest Updates

Microsoft and Symantec take down Bamital botnet

Posted at 07 February 2013 03:50 CEST by Kerry Brown

Working under an order issued by the US District Court of Alexandria, Virginia, and accompanied by federal marshals, technicians from Microsoft and Symantec disabled servers that controlled a botnet called Bamital. The botnet affected as many as eight million users over several years, hijacking their search results and redirecting them to potentially harmful sites.

One server in New Jersey was seized, and the operators of a second data center located in Virginia were persuaded to shut down a server at their parent company headquarters in The Netherlands. Estimates of currently infected computers were said to be between 300,000 and 1 million PCs.

One of the main sources of income from this particular botnet is said to be “click fraud”, in which those who run the botnet get cash from advertisers who pay websites commissions when their users click on ads. Microsoft and Symantec estimate that the botnet generated at least one million dollars a year through this scheme.

Those who are infected with this particular malware will now be redirected to a site showing a message from Microsoft and Symantec informing them that their computer has been infected. Both companies are offering free tools for removal of the malware.

More information on the story can be seen at Reuters.


There are 6 comments

Grim107
MyCE Member
Posted on: 07 Feb 13 22:25
    "Those who are infected with this particular malware will now be redirected to a site showing a message from Microsoft and Symantic informing them that their computer has been infected. Both companies are offering free tools for removal of the malware."

    The problem with this is that people will write malware leading to pages that mimic this Microsoft one for scareware purposes.
    Kerry56
    Administrator
    Posted on: 07 Feb 13 22:56
      ^Yes, this sort of redirect to sites that are supposedly run by trusted companies has been used in the past by malware authors.

      I'm sure the irony is not lost on Microsoft and Symantic, but there doesn't seem to be a better alternative.
      TSJnachos117
      MyCE Senior Member
      Posted on: 08 Feb 13 02:00
        Truth be told, that's probably the best solution. It's either that, or have Microsoft/Symantic attempt to track down the infected, and attempt to hack these computers and destroy the virus in secret. If they did that, how would they really be any different than the makers of malware?

        Actually, I suppose what they're doing isn't that different, but still...
        DukeNukem
        MyCE Resident Commenter
        Posted on: 12 Feb 13 21:21
          Isn't it spelled "Symantec"?

          Just sayin'.
          Kerry56
          Administrator
          Posted on: 12 Feb 13 22:18
            ^Hey! At least I was consistent.
            Seán
            Senior Administrator & Reviewer
            Posted on: 12 Feb 13 22:55
              It'll be interesting to see if this is a persistent message or just a once off.

              If it persistently appears, suspicious users will probably consider this itself to be a scam and a few searches should make it clear that this is a genuine message. Even if it means they pay a PC repair centre, that repair shop should hopefully be familiar with the virus.

              On the other hand if it's a once off or with a "Do not show this message again" tick-box, there's a good chance many users will just close the window thinking it's another scareware scam.
