Symantec Identifies & Helps Take Down Global Cyber Crime Operation

    By Josh Davis | Small Business

    “You have reached this website because your computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer.”

    Today, Symantec and Microsoft technicians, together with U.S. federal marshals, raided data centers in Manassas, VA and Weehawken, N.J., shutting down servers, preventing users from accessing the internet, and pushing the above message to an estimated one million infected computers. If you were one of those caught in the process, while it may have been inconvenient, you were playing a small part in taking down a very big global cyber crime operation known as the Bamital botnet.

    A botnet is a group of computers or mobile devices infected with the same malware. The malware gives a hacker control of the machines and forces them to work together to perform certain tasks.

    Hackers do this by embedding malicious code into websites, as with a browser exploit kit, and waiting for people to click on them. When a user visits the infected site, the malware is downloaded onto their computer. Although botnets have been around since the late 90s, they are hard to track, and thus it’s easy for people to fall victim. To steal and manipulate a famous movie quote, “If you build the botnet, they will join.”

    This botnet profited through “click fraud” – when “a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad’s link.”

    Using its horde of zombie computers, Bamital hijacked an average of three million clicks per day. Although each click was only worth fractions of a penny, together they generated over a million dollars a year for the 18 identified, but still anonymous, criminals scattered around the world including the U.S.

    In most cases – this one included – users have no idea their computers are infected. This allows hackers to profit for years without you even knowing it.

    Bamital could even use its abilities to force its zombie computers to download other viruses. And while the botnet itself was harmless to you, the other viruses it let in could engage in more nefarious personal attacks like identity theft.

    Symantec identified Bamital last year and approached Microsoft’s Digital Crimes Unit. Together they worked on gathering evidence and planning a strategy to take down the operation. Last week, with proof in hand, the companies sought a court order, which was granted. Immediately, with the help of federal marshals, they took action and seized the servers earlier today.

    Symantec and Microsoft have not settled for taking down the operation. They are offering victims free tools to fix their computers and restore their access to the internet.

    This was Microsoft’s sixth time taking down a botnet. Although Symantec and Microsoft continue fighting cyber crime, Vikram Thakur, a Symantec researcher, warns, “This is just the tip of the iceberg.” There are still several known botnets, and many more still hidden.

    Researchers will now examine the confiscated servers to help them understand how criminals are developing the digital ecosystems needed for botnets to grow. They also hope to use their findings to develop tools for preventing future botnets.

    The government hopes to use the data to identify the 18 criminals who ran the operation.

    Poetically, the only hint at Bamital’s origin was a small cookie text file installed on infected computers. It contained a single Russian word, “yatutuzebil” – a phrase meaning, “I was here.”

    The cyber world is a dangerous place. Cybersecurity is a concern not only for people, but for governments too. Imagine a botnet that takes command of the computers that control our power grid, or the devastation brought on by a botnet turning off the networks air traffic controllers use to monitor our skies.

    This effort brings up many questions. But I think the most immediate one may be, “Who knew Microsoft had a Digital Crimes Unit?”

    You can read more about the Bamital botnet in a whitepaper Symantec released called Trojan.Bamital.
