Microsoft and Symantec take down Bamital botnet

Working under an order issued by the US District Court of Alexandria, Virginia, and accompanied by federal marshals, technicians from Microsoft and Symantec disabled servers that controlled a botnet called Bamital. This botnet affected as many as eight million users over several years, hijacking their search results and redirecting them to potentially harmful sites.

One server in New Jersey was seized, and the operators of a second data center located in Virginia were persuaded to shut down a server at their parent company headquarters in the Netherlands. Estimates of currently infected computers were said to be between 300,000 and 1 million PCs.

One of the main sources of income from this particular botnet is said to be “click fraud”, in which those who run the botnet get cash from advertisers who pay websites commissions when their users click on ads. Microsoft and Symantec estimate that the botnet generated at least one million dollars a year through this scheme.

Those who are infected with this particular malware will now be redirected to a site showing a message from Microsoft and Symantec informing them that their computer has been infected.  Both companies are offering free tools for removal of the malware.

More information on the story can be seen at Reuters.
