The Inquirer-Home

Microsoft and Symantec shut down Bamital click fraud botnet

Shutting the barn door
Thu Feb 07 2013, 15:54
microsoft-seizes-evidence-in-bamital-takedown

PEOPLE THAT SUFFERED from the Bamital click fraud botnet can thank Microsoft and Symantec for shutting it down.

The two firms have worked together to take down the botnet that infected eight million computers and carried out search hijacking and click fraud schemes against big hitters like Microsoft and Google. According to Microsoft the botnet dragged web browsers into dark alleyways on the internet.

"Because this threat exploited the search and online advertising platform to harm innocent people, Microsoft and Symantec chose to take action against the Bamital botnet to help protect people and advance cloud security for everyone," said a Microsoft Technet blog post.

"While the Bamital botnet defrauded the entire online advertising platform, which is what allows the Internet and many online services to be free, what's most concerning is that these cybercriminals made people go to sites that they never intended to go and took control of the computer away from its owner. Much like being coerced through a dark alleyway."

The botnet would hijack people's searching, rerouting them from a destination, the example given is "Nickelodeon", to a website that served malware. This malware would include spyware and tracking software and in one instance a Norton Internet Security page appears to have been pulled into the web.

The coordinated effort between Microsoft and Symantec goes by the name Operation b58, and is part of what Microsoft calls Project MARS, or the Microsoft Active Response for Security.

In this instance Microsoft worked with Symantec and law enforcement in the US and Spain. This week a court granted their request to cut links between the botnet and its infected computers, and yesterday Microsoft and the US Marshals Service seized data and evidence from web hosting facilities in Virginia and New Jersey.

Anyone with a hijacked computer can expect an onscreen message the next time one of their searches is hijacked. They will be directed to a webpage that offers information about cleaning up and clearing out the malware that has infected their computer. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?