Microsoft and Symantec strangle botnet

Microsoft and Symantec have disrupted a global cybercrime operation by shutting down servers that controlled the Bamital botnet.

According to the Microsoft blog, the move made it temporarily impossible for infected PCs around the world to search the web, and both companies offered free tools to clean machines through messages that were automatically pushed out to infected computers.

Using a court order, corporate techies from both outfits raided data centres in Weehawken, New Jersey, and Manassas, Virginia, accompanied by US federal marshals.

Richard Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit, said that the techies took control of one server at the New Jersey facility and persuaded the operators of the Virginia data centre to take down a server at their parent company in the Netherlands.

Microsoft and Symantec estimate there are between 300,000 and a million PCs infected with malicious Bamital software.

Bamital hijacked search results and engaged in other schemes that the companies said fraudulently charged businesses for online advertisement clicks.

Its owners could take control of infected PCs, installing other types of computer viruses that could engage in identity theft or recruit PCs into networks that attack websites.

Now that the servers have been shut down, users of infected PCs will be directed to a site informing them that their machines are infected with malicious software when they attempt to search the web.

This is the sixth time since 2010 that Microsoft has obtained a court order to disrupt a botnet; this one was a little smaller than its previous takedowns.

Symantec approached Microsoft about a year ago, asking the maker of Windows software to collaborate in trying to take down the Bamital operation. Once the servers can be analysed, it will learn more about the size of the operation.

It was believed that the ringleaders were scattered all over the world. Some of the people behind it are believed to be from Russia, Romania, Britain, the United States and Australia. They registered the servers using bogus names.

Bamital redirected search results from Google, Yahoo and Microsoft’s Bing search engines to sites with which the authors of the botnet have financial relationships.