In a joint effort, Microsoft and Symantec have taken down a dangerous botnet called “Bamital” which hijacked search results and took victims to potentially malicious sites that would install malware.
“Microsoft Digital Crimes Unit, in collaboration with Symantec, has taken down the dangerous Bamital botnet which hijacked people’s search results and took them to potentially dangerous websites that could install malware onto their computer, steal their personal information, or fraudulently charge businesses for online advertisement clicks,” Microsoft announced in an official blog post. According to Microsoft, within the past two years, more than eight million computers have been attacked by the Bamital botnet, affecting search engines such as Microsoft, Yahoo and Google.
“For example, in one instance, Microsoft investigators found that Bamital rerouted a search for ‘Nickelodeon’ to a website that distributed malware, including spyware that is designed to track the activities of the computer owner. Meanwhile, in another case, our researchers discovered that an official Norton Internet Security page that appears in a list of search results was redirected to a rogue antivirus site that distributes malware,” Microsoft mentioned.
The demise of the Bamital botnet is the sixth botnet takedown in the past three years by Microsoft, as part of the company’s MARS (Microsoft Active Response for Security) program. This takedown was also known as Operation b58. Microsoft and Symantec filed a lawsuit against the botnet’s operators this past January, and once the court granted the request, Microsoft (along with the US Marshals) seized data and evidence from web hosting facilities in Virginia and New Jersey. Microsoft is also helping victims regain control of their computers.