Bamital Botnet destroyed: Microsoft, Symantec victorious

Chris Burns - Feb 7, 2013, 10:51 am CST

This week the botnet known as Bamital has been reported dead by the two warriors that claim to have killed it: Symantec and Microsoft. This report shows that the death of said botnet will take down its abilities in full: hijacking search results galore being the main evil this Bamital creature was working with. Each time a user in the line of fire searched for something using search engines, from whence they’d be sent to a malicious 3rd party site, having malware installed from that point.

Microsoft has made it clear that their research pushes Bamital far beyond the average malicious attack on the public. What they’ve found suggests that a whopping 8 million computers had been affected by Bamital over the past two years alone, with many of the major search engines affected as well. If you’d been using Microsoft’s Bing, Yahoo, Google, or a variety of other smaller engines over the past two years, Microsoft and Symantec are saying this week that you were at risk – but that you aren’t any longer.


That said, there are still users out there with the malware already on their computers. For those folks, Microsoft has provided their Virus and Security Solution Center for remote help. This is a continuation of what Microsoft calls their MARS initiative, aka Microsoft Active Response for Security.


The other big name you’ll want to know if you’re tracking such things is Operation b58. This code-name is the one associated with Symantec and Microsoft taking down Bamital, and is the sixth “botnet disruption operation” Microsoft has initiated in three years. That’s a whole ‘lotta botnet bunker busting! And it’s not just about sitting at home and keying in to the malware tossers from afar – Microsoft has provided photos of, for example, Microsoft DCU’s Richard Boscovich and Craig Schmidt working with a “third-party cyberforensics expert” securing a lovely collection of evidence of the Bamital botnet down in New Jersey at a web-hosting facility that will remain nameless (that’s the image you’re seeing above).

The image you see above with the yellow dot web sort of graphic is what Microsoft describes as Figure 28. This map was included in a legal declaration filed by Microsoft DCU’s Craig Schmidt (also pictured above) in Operation b58. It shows what a user on a computer infected with Bamital sees when they search in Bing for the word Chrome – ads, ads, and more ads. Fun stuff!

[via Microsoft]
