Microsoft (News - Alert) and Symantec worked together recently to disrupt the Bamital global cyber crime operation by helping U.S. federal marshals shut down servers used to control a number of computers without the knowledge of their owners.
Shutting down these servers made it temporarily impossible for those PCs infected by the servers to engage in Internet searches, but free tools to clean malicious programs were quickly pushed to the infected machines.
Technicians from these companies helped to raid data centers in Weehawken, New Jersey and Manassas, Virginia yesterday, as ordered by the U.S. District Court in Alexandria, Virginia. According to Richard Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, the team of technicians first seized control of one server at the New Jersey facility, then persuaded operators of the Virginia data center to take down the server at their parent company in the Netherlands.
Boscovich went on to add that it seemed likely the operation had effectively brought down the entire cyber crime operation, but “time will tell.”
Microsoft and Symantec (News - Alert) estimate that there are somewhere between 300,000 and one million PCs infected with the malicious software which allowed the cyber crime operation to seize control. Once these PCs were infected, Bamital's organizer would then install other viruses that would engage in identity theft and recruit PCs into networks to attack other websites.
The Bamital operation would also hijack search results and enact schemes to fraudulently charge businesses for online advertisement clicks.
Users with an infected PC should be redirected to a site informing them that their machine has been infected when they try to perform a Web search, with this message: "You have reached this website because your computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer."
Microsoft is no stranger to busting cyber crime, having disrupted another botnet toward the end of 2012. In fact, the Bamital cyber crime operation was the sixth time the company has obtained a court order to disrupt a botnet since 2010.
In 2008, Microsoft gave law enforcement a new tool to fight botnets that leverages data compiled from 450 million computer users that installed the Malicious Software Removal tool.
Edited by Braden Becker