Symantec, Microsoft Take Down Hijacking Bamital Botnet

Microsoft said on Thursday that its Digital Crimes Unit teamed up with security firm Symantec to take down the Bamital botnet that hijacks online searches.

The assault on the offending network began on January 31 as a Symantec-backed lawsuit against the botnet's operators. Both parties wanted to sever the operators' communication with infected PCs. Naturally, the court granted their request.

Then on February 6, with a subpoena in hand, the U.S. Marshals Service assisted Microsoft in seizing "valuable data and evidence" from web-hosting facilities located in Virginia and New Jersey that played host to the botnet. This takedown, known as Operation b58, was the sixth botnet disruption operation in three years by Microsoft as part of its Project MARS (Microsoft Active Response for Security) program. It was also the second time Symantec was involved.

"Taking down the Bamital botnet is the first step in protecting people," Microsoft said. "It’s important to note that while the cybercriminals in this case used the Bamital malware to break victims’ search experience, it was done in such a sneaky way that most victims wouldn’t have even noticed a problem while the botnet was still operating."

Now that the botnet is down, infected users will likely start to discover that their search functions are broken. Microsoft said owners of infected computers trying to complete a search query will now be directed to an official Microsoft and Symantec webpage that explains the problem and how to remove the Bamital infection.

"While the Bamital botnet defrauded the entire online advertising platform, which is what allows the Internet and many online services to be free, what’s most concerning is that these cybercriminals made people go to sites that they never intended to go and took control of the computer away from its owner," Microsoft said.

To read the full report, head here. However, don't expect a detailed accounting of what happened in the botnet bust – you'll best find that kind of action on TV instead.


    Top Comments
  • Well good job Microsoft and Symantec
    Other Comments
  • Another one bots the dust
    Another one bots the dust
    And another one gone, and another one gone
    Another one bots the dust
    Hey, I'm gonna get you too
    Another one bots the dust
  • And another bot rises to fill the vacuum...

    (Nothing wrong with taking down bot nets though. Gotta keep reminding the operators to stay on their toes)