Microsoft and Symantec have taken down the Bamital botnet, which hijacked people's search results and took them to potentially dangerous websites that could install malware onto their computer, steal their personal information, or charge businesses for online advertisement clicks.
Acccording to Microsoft and Symantec's research, in the last two years, more than eight million computers have been attacked by Bamital, and that the botnet?s search hijacking and click fraud schemes affected many major search engines and browsers, including those offered by Microsoft, Yahoo and Google.
"Because this threat exploited the search and online advertising platform to harm innocent people, Microsoft and Symantec chose to take action against the Bamital botnet to help protect people and advance cloud security for everyone," said Richard Domigues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit.
While the Bamital botnet defrauded the entire online advertising platform, which is what allows the Internet and many online services to be free, what's most concerning is that these cybercriminals made people go to sites that they never intended to go and took control of the computer away from its owner. This redirection would leave the person whose computer was already infected with Bamital more vulnerable to becoming targeted for other crimes, such as identity theft and additional malware infections. For example, in one instance, Microsoft investigators found that Bamital rerouted a search for "Nickelodeon" to a website that distributed malware, including spyware that is designed to track the activities of the computer owner. Meanwhile, in another case, the researchers discovered that an official Norton Internet Security page that appears in a list of search results was redirected to a rogue antivirus site that distributes malware.
This takedown, known as Operation b58, is the sixth botnet disruption operation in three years by Microsoft as part of the company's Project MARS - Microsoft Active Response for Security - program and the second done in cooperation with Symantec. Microsoft and Symantec used a combined legal and technical action to take down Bamital. On January 31, Microsoft filed a lawsuit supported by a declaration from Symantec against the botnet?s operators in order to sever all the communication lines between the botnet and the malware-infected computers under its control. The court granted Microsoft's request and on February 6, Microsoft - escorted by the U.S. Marshals Service - successfully seized valuable data and evidence from the botnet. The evidence was taken from web-hosting facilities in Virginia and New Jersey.
Microsoft and Symantec have taken proactive action to notify victims. Owners of infected computers trying to complete a search query will now be directed to an official Microsoft and Symantec webpage that explains the problem and provides information and resources to remove the Bamital infection and other malware from their computers.
For those worried that their computer might be infected, Microsoft offers free tools and information at https://support.microsoft.com/botnets.