The Microsoft Digital Crimes Unit, in collaboration with Symantec, has taken down the dangerous Bamital botnet, which hijacked people’s search results. Users were taken to potentially dangerous websites that could install malware onto their computers, steal their personal information, or fraudulently charge businesses for online advertisement clicks.
Microsoft and Symantec used a combined legal and technical action to take down Bamital. On January 31, Microsoft filed a lawsuit supported by a declaration from Symantec against the botnet’s operators in order to sever all the communication lines between the botnet and the malware-infected computers under its control. The court granted Microsoft’s request and on February 6, Microsoft – escorted by the U.S. Marshals Service – seized data and evidence from the botnet. The evidence was taken from web-hosting facilities in Virginia and New Jersey.
This takedown, known as Operation b58, is the sixth botnet disruption operation in three years by Microsoft as part of our Project MARS – Microsoft Active Response for Security – program and the second done in cooperation with Symantec.
Microsoft and Symantec’s research shows that in the last two years, more than eight million computers have been attacked by Bamital, and that the botnet’s search hijacking and click fraud schemes affected many major search engines and browsers, including those offered by Microsoft, Yahoo and Google.
Owners of infected computers trying to complete a search query will now be directed to an official Microsoft and Symantec webpage that explains the problem and provides information and resources to remove the Bamital infection and other malware from their computers.