A botnet that hijacked the clicks and search results of millions of internet users has been shut down by Microsoft and Symantec. The group behind it was reportedly netting over a million dollars a year in advertising revenue generated by the misappropriated traffic.
To achieve the shutdown, the Microsoft and Symantec tag team obtained a court order from the US District Court in Alexandria, Virginia, and then went, with technicians and federal marshals, to two specific data centres to take down the servers responsible for the traffic redirection. One facility handed the hardware over voluntarily, while at the other it had to be seized. These were commercial facilities, however, so while you might applaud the management that acted on the orders of a court, some credit is due to those who stood by their customers too, even if those customers were a little unsavoury.
Microsoft has reportedly been on the heels of this traffic redirection scam since 2011, but pinning down the servers responsible proved incredibly difficult. Add to that the two-plus months of legal wrangling needed to get the court order, and you have quite a wait between discovery of the problem and a fix.
The malware responsible for rewriting search engine results was called Bamital. It went through several iterations: the first injected an iframe into every page, so each time you loaded a page you also loaded one stuffed with money-making adverts. Later versions morphed into something that used HTML redirects, sending the browser to a page of the operators' choosing instead of the result the user had clicked.
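As an added example (not code from the article, from Microsoft or from Symantec), the Python below scans a fetched page for the two kinds of modification described above: an iframe that is hidden or points at a host outside the site's expected set, and an HTML meta-refresh redirect to an unexpected host. The sample pages, the host names and the `trusted_hosts` list are constructed for illustration only; no real Bamital page is reproduced here.

```python
"""Heuristic scanner for injected iframes and HTML meta-refresh redirects.

Added example: the sample pages and host names below are constructed, and the
trusted-host list is an assumption a site owner would tune for their own pages.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample pages. CLEAN_PAGE is a search-results page as the user
# expects it; the other two carry the kind of modification the article describes.
CLEAN_PAGE = """<html><head><title>results</title></head>
<body><a href="https://example.com/real-result">Real result</a></body></html>"""

IFRAME_INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    '<iframe src="http://ads.example.net/serve?id=1" width="1" height="1" '
    'style="visibility:hidden"></iframe></body>',
)

REDIRECT_PAGE = """<html><head>
<meta http-equiv="refresh" content="0; url=http://redirector.example.net/click?q=bamital">
</head><body></body></html>"""

# Matches the URL part of a meta refresh value such as "0; url=http://..."
_REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\"\s;]+)", re.IGNORECASE)


class InjectionScanner(HTMLParser):
    """Collects (kind, url, hidden) findings for suspicious iframes and redirects."""

    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted_hosts = {h.lower() for h in trusted_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases attribute names; values may be None for bare attributes.
        a = {name: (value or "") for name, value in attrs}
        if tag == "iframe":
            src = a.get("src", "")
            hidden = self._is_hidden(a)
            # A legitimate site may embed iframes, so only flag ones that are
            # hidden or that load from a host we did not expect.
            if hidden or not self._trusted(src):
                self.findings.append(("iframe", src, hidden))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            match = _REFRESH_URL.search(a.get("content", ""))
            if match and not self._trusted(match.group(1)):
                self.findings.append(("meta-refresh", match.group(1), False))

    def _trusted(self, url):
        host = (urlparse(url).hostname or "").lower()
        return host in self.trusted_hosts

    @staticmethod
    def _is_hidden(a):
        """True for 0/1-pixel frames or frames hidden via inline style."""
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            return True
        for dim in ("width", "height"):
            raw = a.get(dim, "").lower().rstrip("px")
            if raw.isdigit() and int(raw) <= 1:
                return True
        return False


def scan_page(html, trusted_hosts=("example.com",)):
    """Return a list of (kind, url, hidden) findings for one HTML document."""
    scanner = InjectionScanner(trusted_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE),
                       ("iframe", IFRAME_INJECTED_PAGE),
                       ("redirect", REDIRECT_PAGE)):
        print(name, scan_page(page))
```

The scanner is a heuristic rather than a signature: search engines embed iframes of their own, so the trusted-host set has to be tuned per site, and JavaScript-driven redirects (`window.location` and friends) are not covered here because the article only describes iframe injection and HTML redirects.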
Perhaps the most interesting part of this takedown, however, is how Microsoft and Symantec are helping the victims. Rather than simply switching off the source of the problem, they now control the servers the malware's redirects point at, so infected users who click a search result are sent to a page explaining what Bamital is and how to remove it. Fake removal tools are all the rage with malware authors, so a warning page like this will not convince everyone, but for some it may be exactly what they need.
Victims of Bamital are likely to be users of peer-to-peer file sharing, since that was one of the most popular methods for spreading the malware.
It is not yet known who was responsible for the botnet, but Microsoft and Symantec will continue to pore over the seized evidence in an attempt to put names to it.
KitGuru Says: Always nice to hear when scams like this are shut down. It's such a pain when you find yourself with a fresh piece of malware disrupting your PC.