The Bamital botnet, known for grossing about $1 million a year through fraudulent means, has been destroyed by the investigative teams of Microsoft and Symantec. With help from the feds, the two teams collaborated in investigating a number of data centers for the botnet's servers. Titled Operation b58, this is the sixth operation in the past three years to take down botnets. It began around a year ago, when Symantec approached Microsoft with the intent to collaborate and take down this botnet.
The botnet's most notorious method is very typical: delivering a fraudulent payload via search redirects. Victims were lured into a scam (social engineering), through which malware was installed to infect the machine. Once infected, the victim goes about their normal activities, including searching, and the malware redirects those searches to scam sites that sell fake (or legitimate but modified) software or services and attempt to steal credit card data.
Over the last two years of its continual attack on internet users, the botnet totaled approximately 8 million computers and stole/raked in around $1 million USD. Right now, it’s estimated that anywhere from 300,000 to 1 million computers are still infected with the botnet.
During the takedown operation, Microsoft’s crew put together a lawsuit against the botnet operators to pull the plug on the zombie network. Yesterday, February 6, after the request was granted by the court, Microsoft was escorted by the US Marshals Service to every facility in Virginia and New Jersey to seize servers.
According to Richard Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit, the operators of the Virginia data center were persuaded to take down the server at the parent facility in the Netherlands.
The cybercriminals involved include about 18 people, scattered all around the world, from the US to the UK to Australia, and even Romania.
Microsoft and Symantec seek to help users who are infected. The search redirect and querying system run by the rogue servers will be broken, so the search function on victim computers will be broken, too. There will be removal tools to help with this, as well as the ability to repair the broken functions.
This will surely make it a lot harder for the cybercriminals behind Bamital to restart their servers, as Microsoft, and possibly others such as the feds and Symantec, have the servers in their custody.
Eighteen people have been charged in a major credit card fraud scheme. New Jersey federal prosecutors called the fraud one of the largest credit card fraud schemes ever uncovered by the US Department of Justice. The scheme spanned eight countries, as well as 28 US states.
“The defendants are part of a massive international fraud enterprise involving thousands of false identities, fraudulent identification documents, doctored credit reports and more than $200 million in confirmed losses. Due to the massive scope of the fraud, which involved over 25,000 fraudulent credit cards, loss calculations are ongoing and final confirmed losses may grow substantially,” FBI Special Agent James Simpson said in court records.
Those charged spent the stolen money greedily, buying high-end clothing, automobiles, electronics, etc. They also stockpiled some of it in odd places, such as an oven in one case.
More information on this case should emerge once everyone has made their court appearances. It is unknown what the criminals' aim was; however, it is no surprise that the schemes were used to make the criminals wealthier.
Keep your credit card safe with a couple of different tools: