The Bamital botnet, known for grossing about $1 million a year through fraudulent means, has been destroyed by the investigative teams of Microsoft and Symantec. With help from the feds, the two teams collaborated in investigating a number of data centers hosting the botnet's servers. Titled Operation b58, this is the sixth operation in the past three years to take down botnets. It began around a year ago, when Symantec approached Microsoft with the intent to collaborate on taking down this botnet.
The botnet's most notorious methods are very typical: it delivers a fraudulent payload via search redirects. Victims were lured into a scam (social engineering), through which malware was installed on the machine. Once infected, the victim carries on with normal activities, including searching, and the malware redirects those searches to scam sites that sell fake (or legitimate but modified) software or services or attempt to steal credit card data.
Over the last two years of its continual attack on internet users, the botnet totaled approximately 8 million computers and stole/raked in around $1 million USD. Right now, it’s estimated that anywhere from 300,000 to 1 million computers are still infected with the botnet.
During the takedown operation, Microsoft’s crew brought a lawsuit against the botnet operators to pull the plug on the zombie network. Yesterday, February 6, after the request was granted by the court, Microsoft, escorted by the US Marshals Service, went to every facility in Virginia and New Jersey to seize servers.
According to Richard Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit, the operators of the Virginia data center were persuaded to take down the server at the parent facility in the Netherlands.
The cybercriminals involved number about 18, scattered all around the world, from the US to the UK to Australia and even Romania.
Microsoft and Symantec seek to help users who are infected. The search redirect and querying system run by the rogue servers will be broken, so the search function on victim computers will be broken, too. Removal tools will be available to help with this, along with the ability to repair the broken functions.
This will certainly make it a lot harder for the cybercriminals behind Bamital to restart their servers, as Microsoft, and possibly others such as the feds and Symantec, have the servers in their custody.