Microsoft and Symantec Just Busted a Major Cyber Crime Ring


It sounds like the plot of a movie: two major software corporations join together to shut down an evil global cyber crime operation and engage in wacky hijinks along the way. While the latter can be neither confirmed nor denied, according to an exclusive report by Reuters, Microsoft and Symantec did shut down servers that had been controlling hundreds of thousands of PCs without their users being any the wiser.

The main attack of the Bamital botnet, the major cyber crime operation in question, involved hijacking search results, among other schemes, which allowed its operators to fraudulently charge businesses for online ad clicks. The more than 18 ringleaders from around the world registered websites and rented servers using pseudonyms. This allowed Bamital to redirect users' search results to the fraudulent websites, where the operators could benefit from any subsequent clicks.

Technicians raided data centers with US federal marshals in tow and were able to persuade operators to take down a server all the way in the Netherlands. According to Microsoft's and Symantec's estimates, somewhere between 300,000 and 600,000 PCs were carrying the malware that tethered them to the Bamital botnet.


Of course, shutting down the servers meant that infected PCs were temporarily unable to surf the web, but free tools to clean out the malware are automatically being sent to the infected machines along with the following message:

You have reached this website because your computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer.

And both companies lived happily ever after. [Reuters]

Image: Shuttershock/lolloj





Sorry, but if I got that message I would assume that the message itself was malware, and not follow any instructions that site provided.

Of course the end result would be the same - I'd end up doing a full scan/removal of the malware (or just a rebuild).