A joint operation by Microsoft and Symantec has uncovered and shut down a major botnet (a network of infected computers that carry out malicious commands) called Bamital.
The hundreds of thousands of machines in the botnet brought its group of 18 operators an income of more than $1 million a year. The case is unique in that, for the first time in the history of botnet closures, the vendors have released special tools to help affected users fix the problem.
According to reports, once the botnet was closed the infected computers lost access to Internet search services. Bamital is the sixth botnet since 2010 for whose closure Microsoft has obtained a court judgment. It is also the second time Microsoft and Symantec have collaborated to close a botnet. The scale of the closed botnet appeared to be truly global.
Bamital worked by redirecting the browser when the user clicked a link on the search sites Google, Bing and Yahoo. Instead of the desired website, the user was taken to fake sites under the control of the botnet operators. In contrast to the various “toolbars” (such as Ask and Conduit), which do not affect the search results, the botnet simply replaced the links in the results.
According to the news agency Reuters, the Bamital botnet brought its owners considerable income: not less than one million dollars a year. More than a year ago, Symantec turned to Microsoft for help in closing the botnet. According to Symantec, this was a fairly average-sized botnet, from 300 to 600 thousand infected PCs, but closing it was very difficult.
While it was being monitored, the botnet underwent many changes. A whole year was spent collecting reliable evidence that end users had suffered considerable damage. The constant changes to and optimization of the botnet greatly hampered surveillance and evidence gathering.
Another interesting feature: the Bamital case showed that criminals have to constantly move their servers from one location to another. At the same time, despite the growing skills of offenders, current changes in the law and close cooperation between companies like Microsoft and Symantec promise to significantly reduce the number and effectiveness of botnets.
Representatives of Microsoft and Symantec emphasize that this is the first time it has been possible not only to warn providers and users of the danger, but also to create tools to combat the botnet on the ground. When users of an infected PC try to run a search, they are shown an official page with detailed and clear instructions for removing the virus, with no restrictions on the choice of a particular virus. Similar pages were created by the Dutch national service against cyber-crime in 2010 when the Bredolab botnet was closed, but on that occasion users were not offered removal tools.
In addition to direct help with removing the virus, Microsoft took another unusual step: it published on a web page the aliases, e-mail addresses and phone numbers of all those suspected of creating and using the botnet.