Microsoft And Symantec Turn Tables On $1M Per Year Botnet Scam
February 7, 2013

Microsoft And Symantec Bring Down $1M Per Year Botnet Operation

Michael Harper for — Your Universe Online

The Microsoft Digital Crimes Unit (MDCU) has done it again, this time disrupting a crime operation which was controlling thousands of PCs without the permission or knowledge of their owners.

Teaming up with Symantec, the Microsoft Digital Crimes Unit was able to bring down the Bamital botnet, which was taking over users´ web searches and guiding them to dangerous sites. These sites would then install malware on the computer, steal sensitive and private information, and even use these machines to generate fake advertisement clicks. According to Reuters, this malware operation was said to have illegally brought in some $1 million a year for the botnet operators.

“Microsoft and Symantec´s research shows that in the last two years, more than eight million computers have been attacked by Bamital, and that the botnet´s search hijacking and click fraud schemes affected many major search engines and browsers, including those offered by Microsoft, Yahoo and Google,” claims Microsoft in a blog post.

While the Microsoft and Symantec teams were busy shutting down these dirty servers, users with infected machines were unable to surf the web. Instead, these users were brought to a web page with a message from Microsoft which read “Malware is a problem. We´re here to help.” Users were then informed that they had been directed to this page because Bamital had tried to overtake their web searches and lead them to an infected site. Microsoft also offered these users free tools to clean their machines and rid themselves of the Bamital malware.

The Microsoft/Symantec team also had to attack the malware infections on multiple fronts. In addition to directing users to free cleaning tools online, technicians for both companies also raided data centers to manually bring down the deviant servers. These technicians were accompanied by US Federal Marshals and raided data centers in Weehawken, New Jersey, and Manassas, Virginia yesterday. The technicians acted under a federal order delivered by the US district court in Alexandria, Virginia.

According to Reuters, the technicians and US marshals were able to completely take over the data center in New Jersey and convince those working at the Virginia center to take down a server at their parent company in the Netherlands. Speaking to Reuters, MDCU´s assistant general counsel Richard Bosovich said he believed the team was able to bring down the entire cyber crime operation. "We think we got everything, but time will tell," said Bosovich.

This takedown now marks the sixth time Microsoft has disrupted a malware operation in three years as a part of Project MARS — Microsoft Active Response for Security. Symantec had approached Microsoft last year to begin working together to bring down the Bamital malware operation. Microsoft filed a lawsuit against Bamital´s operators on January 31, asking to break the lines of communication between the botnet and the servers. The court granted this suit to Microsoft on Wednesday and shortly thereafter the technicians and US Marshals took to the data centers to seize and secure stolen data and evidence from the botnet operation.

Once Microsoft and Semantec begin to look through the data they´ve seized, they´ll have a better understanding of how large the Bamital botnet had grown and how many users it had effected.