Microsoft & Symantec team up to take down Bamital botnet

Over the past few years, Microsoft has been proactive in trying to shut down criminal botnets that use malware to infect PCs for their illegal activities. So far, the company has conducted operations to take down the Rustock, Kelihos, and Zeus-based botnets, among others.

Today, Microsoft announced yet another takedown of a botnet and this time it worked with antivirus company Symantec to do so. The official Microsoft blog has the details of this new move, called Operation b58, to deactivate the Bamital botnet.

Microsoft said the criminal operation was designed to hijack the search results on an infected PC, where a hijacked result could then lead the user to install further malware that might steal personal information. The botnet could also generate false clicks on online ad banners, defrauding online ad agencies. The blog stated:

Microsoft and Symantec’s research shows that in the last two years, more than eight million computers have been attacked by Bamital, and that the botnet’s search hijacking and click fraud schemes affected many major search engines and browsers, including those offered by Microsoft, Yahoo and Google.

In late January, Microsoft and Symantec filed a lawsuit against the operators of the botnet. Today, with the help of the U.S. Marshals Service, Microsoft raided web hosting locations in Virginia and New Jersey in order to seize data that could be used as evidence against the botnet's operators. The blog added:

Because the data gathered from this takedown will become part of Microsoft’s ongoing research in support of protecting its customers from a range of evolving online security threats, we can actually use the criminals’ infrastructure against them and make it harder and more expensive for them to commit cybercrime.

If a PC is infected with the Bamital malware, using a search engine will now take the user to a webpage set up by Microsoft and Symantec that tells them the bad news, but also provides information on how to remove the malware from their PC.

Source: Microsoft | Image via Microsoft

12 Comments

I don't get much spam. Largely due to Google's excellent spam filtering and the fact that I don't give my email address out to randoms.

They [MS] need to get a more sophisticated spam filter. I know people that get hammered with spam from the same domain over and over again.

The spammers only change the prefix of the email address (contact-23578@rupertic.com or contact-12475@rupertic.com) and the MS spam filter never seems to recognize this and mark the email as undeliverable from the get go. Hotmail/Outlook.com need a way to completely block entire domains or blocks of IP addresses.

I find that 70-80% of spam comes from Romania, Poland and Ukraine.

Major Plonquer said,
I don't get any spam at all. I find that only really, really dumb people get spam from Romania, Poland and Ukraine.

Even spammers do not waste resources on people with such an attitude...

gullygod said,
They [MS] need to get a more sophisticated spam filter. I know people that get hammered with spam from the same domain over and over again.

The spammers only change the prefix of the email address (contact-23578@rupertic.com or contact-12475@rupertic.com) and the MS spam filter never seems to recognize this and mark the email as undeliverable from the get go. Hotmail/Outlook.com need a way to completely block entire domains or blocks of IP addresses.

I find that 70-80% of spam comes from Romania, Poland and Ukraine.

I'd dare say that if you want the more advanced offerings, you should get a real client and/or an email bouncer, as the web-based email is aimed squarely at being quite a simple, uncluttered web-based email app.
In saying that, there are a few things you can do.

For example, you can ensure that you're not loading any content outside the email (used to track active accounts) by going to Filters and Reporting and setting it to block attachments, pictures and links for anyone not in your safe senders list (contacts you've agreed to allow to show). To clear up the spam pretty quickly (if it's not an address that random people need to email you at), you can enable exclusive mode for junk email too. That'll filter everything into the junk folder except people you've replied to, contacts, and the safe senders list.
For most people, that's going to make their email box pretty empty. A quick bit of manual filtering should bring their content back, and new emails they sign up for will end up in the junk folder; not an issue if you're waiting for them to show up, just right click and mark as not junk, problem sorted.

However, if you want to manually filter emails by domain like you've pointed out (i.e. everything from @rupertic.com is junk), you can use Options > Rules for sorting new messages:
1. Click new
2. Select [Sender's address] [ends with] @rupertic.com
3. Move to [Junk]
4. Click save.

It's really not as bad as you think.

xendrome said,
Or the correct title: "US Marshals raid hosting companies, Microsoft and Symantec tag along"

No, the title is correct; this is about Microsoft teaming up with Symantec.

The raid was due to the lawsuit.

Had a customer come to my house yesterday complaining about all the spam that he gets. He said he didn't get any spam until recently, when he was browsing the web and a popup appeared flashing at him telling him he had won some sort of discount on a Harley Davidson motorcycle. All they wanted was his first and last name and email address. He gave it to them and now he's getting hammered with spam!

warwagon said,
..he had won some sort of discount on a Harley Davidson motorcycle. All they wanted was his first and last name and email address. He gave it to them..

Did he even get the discount?