The assault on the offending network began on January 31 as a Symantec-backed lawsuit against the botnet's operators. Both parties wanted to sever the operators' communication with infected PCs. Naturally, the court granted their request.
Then on February 6, with a subpoena in hand, the U.S. Marshals Service assisted Microsoft in seizing "valuable data and evidence" from web-hosting facilities located in Virginia and New Jersey that played host to the botnet. This takedown, known as Operation b58, was the sixth botnet disruption operation in three years by Microsoft as part of its Project MARS (Microsoft Active Response for Security) program. It was also the second time Symantec was involved.
"Taking down the Bamital botnet is the first step in protecting people," Microsoft said. "It’s important to note that while the cybercriminals in this case used the Bamital malware to break victims’ search experience, it was done in such a sneaky way that most victims wouldn’t have even noticed a problem while the botnet was still operating."
Now that the botnet is down, infected users will likely start to discover that their search functions are broken. Microsoft said owners of infected computers trying to complete a search query will now be directed to an official Microsoft and Symantec webpage that explains the problem and how to remove the Bamital infection.
"While the Bamital botnet defrauded the entire online advertising platform, which is what allows the Internet and many online services to be free, what’s most concerning is that these cybercriminals made people go to sites that they never intended to go and took control of the computer away from its owner," Microsoft said.
To read the full report, head here. However, don't expect a detailed accounting of what happened in the botnet bust – you'll best find that kind of action on TV instead.