Skip to content

Microsoft and Symantec Push the Envelope in New Botnet Takedown

by on February 12, 2013

A malware exploit that’s been around for a while, Bamital, has now been taken down in a very unusual way. Microsoft and Symantec have partnered to create an immediate victim notification process that warns the users their PCs are infected and shows them how to clean them.

Microsoft and Symantec have partnered on botnet-destroy missions before, shutting down large botnet networks such as Waledac and Rustock. What’s unusual is the way the network was taken down. Because the malware uses the browser as the delivery vector, Microsoft and Symantec were able to co-opt Bamital’s communication mechanism and warn each victim when they clicked on a bogus search result.

Bamital is “search hijacking” malware that redirects users’ search requests. The victims are redirected to Bamital’s command and control (C&C) servers, and then forwarded to bogus sites. Although Bamital doesn’t do any damage to the user’s systems, it creates millions of dollars by artificially racking up online advertising network visits.

Using a federal court order that gave Microsoft control of Bamital’s C&C servers, the user is now directed to a page created by both Microsoft and Symantec. This page tells users that their Windows PC is probably infected, and provides links to Microsoft and Symantec clean-up tools.

More info about the takedown can be found here:

From → Security

Comments are closed.

%d bloggers like this: