Symantec and Microsoft Corporation experts, cooperating with the US government, uncovered a group of cybercriminals and put an end to their activity. The criminals used the Bamital botnet to control hundreds of thousands of computers around the world.
Symantec experts claim to have discovered the botnet in 2009, but it took them almost 4 years to completely eliminate its activity. They said that Microsoft Corporation helped them with this. The server, taken offline on February 6, was controlling up to a million computers, which brought the criminals about $1 million per year.
According to the report published by Symantec, the Bamital botnet infected new systems by spreading malicious files through peer-to-peer networks. In 2011 experts spent 6 weeks analyzing one of Bamital’s C&C servers and uncovered about 1.8 IP addresses connected to it.
The Bamital botnet altered search results, redirecting users to ads and giving the cybercriminals millions of extra clicks on the ad banners of certain companies. Furthermore, the criminals could install malicious software on infected PCs to steal users’ personal data.
When the botnet’s C&C server was taken offline, users who could no longer connect to the Internet were redirected to webpages notifying them that their computers were infected. They were also offered a free tool to clean up their PCs.
Experts claim the botnet was created in Russia or one of the former Soviet republics, since the downloaded cookie files contained “yatutuzebil”, meaning “I’ve been here” in Russian.