Over the past few years, Microsoft has been proactive in trying to shut down criminal botnets that use malware to infect PCs for the use of their illegal activities. So far, the company has conducted operations to take down the Rustock, Kelihos, and Zeus-based botnets, among others.
Today, Microsoft announced yet another takedown of a botnet and this time it worked with antivirus company Symantec to do so. The official Microsoft blog has the details of this new move, called Operation b58, to deactivate the Bamital botnet.
Microsoft said the criminal operation was designed to hijack the search results on a user's PC, where it could then install malware that might steal personal information. The botnet could also generate false clicks on online ad banners that defrauded online ad agengies. The blog stated:
Microsoft and Symantec’s research shows that in the last two years, more than eight million computers have been attacked by Bamital, and that the botnet’s search hijacking and click fraud schemes affected many major search engines and browsers, including those offered by Microsoft, Yahoo and Google.
In late January, Microsoft and Symantec filed a lawsuit against the operators of the botnet. Today, with the help of the U.S. Marshals Service, Microsoft raided web hosting locations in Virginia and New Jersey in order to obtain data that could be used as evidence against the botnet. The blog added:
Because the data gathered from this takedown will become part of Microsoft’s ongoing research in support of protecting its customers from a range of evolving online security threats, we can actually use the criminals’ infrastructure against them and make it harder and more expensive for them to commit cybercrime.
If someone has a PC that has malware from the Bamital botnet, using a search engine will take them to a website set up by Microsoft and Symantec webpage that tells them the bad news, but also provides information on how to get rid of the malware from their PC.
Source: Microsoft | Image via Microsoft