Microsoft and Symantec take down Bamital botnet
Working under an order issued by the US District Court of Alexandria, Virgina, and accompanied by federal marshals, technicians from Microsoft and Symantec disabled servers that controlled a botnet called Bamital. This botnet affected as many as eight million users over several years, and hijacked their search results and redirected them to potentially harmful sites.
One server in New Jersey was seized and the operators of a second data center located in Virgina were persuaded to shut down a server at their parent company headquarters in The Netherlands. Estimates of currently infected computers were said to be between 300,000 and 1 million PC’s.
One of the main sources of income from this particular botnet is said to be “click fraud” in which those who run the botnet get cash from advertisers who pay websites commissions when their users click on ads. Microsoft and Symantec estimate that the botnet generated at least one million dollars a year through this scheme.
Those who are infected with this particular malware will now be redirected to a site showing a message from Microsoft and Symantec informing them that their computer has been infected. Both companies are offering free tools for removal of the malware.
More information on the story can be seen at Reuters.
There are 6 comments
- MyCE Member
- Posted on: 07 Feb 13 22:25
The problem with this is that people will write malware leading to pages that mimic this Microsoft one for scareware purposes.
- Posted on: 07 Feb 13 22:56
I'm sure the irony is not lost on Microsoft and Symantic, but there doesn't seem to be a better alternative.
- MyCE Senior Member
- Posted on: 08 Feb 13 02:00
Actually, I suppose what they're doing isn't that different, but still...
- MyCE Resident Commenter
- Posted on: 12 Feb 13 21:21
- Posted on: 12 Feb 13 22:18
- Senior Administrator & Reviewer
- Posted on: 12 Feb 13 22:55
If it persistently appears, suspicious users will probably consider this itself to be a scam and a few searches should make it clear that this is a genuine message. Even if it means they pay a PC repair centre, that repair shop should hopefully be familiar with the virus.
On the other hand if it's a once off or with a "Do not show this message again" tick-box, there's a good chance many users will just close the Windows thinking it's another scareware scam.
Most popular headlines
- Tue 10 Dec 04:12 by DoMiN8ToR
The internet's most popular torrent site, the Piratebay, changed its domain name again. It moved from thepiratebay.sx to thepiratebay.ac. The .sx doma
- Mon 9 Dec 08:12 by DoMiN8ToR
According to gamers a patch released for basketball video game NBA 2K14 adds 'always on' DRM to the game which means it can no longer be played offlin
- Fri 6 Dec 04:12 by Kerry56
With only a simple notice buried in a chart on the Microsoft life cycle fact sheet, Microsoft has ended retail sales of their most widely used operati
- Tue 10 Dec 07:12 by DoMiN8ToR
A Windows 8 update will bring back the start menu as we know it and allows Metro applications to run on the desktop. The information comes from the us
- Thu 5 Dec 11:12 by Kerry56
Facebook has recently been granted a patent on a process where they examine their users profile information in order to better identify pirated materi