The Million Dollar Botnet
Bamital Botnet Making '$1m' Every Year
A botnet that was believed to be illegally making more than $1m (£640,000) a year has been closed by security experts. Agencies working with Microsoft and anti-virus specialists Symantec raided data centres located in the US. The firms said infected computers were being used for identity theft fraud. Thousands of affected users were offered free tools to clean up the infected devices.
"In the last two years, more than eight million computers have been attacked by Bamital," said a Microsoft spokesperson. "The botnet's search hijacking and PPC click fraud schemes affected many major search engines and browsers, including those provided by Google, Microsoft and Yahoo."
"Because this threat exploited the online search and online advertising platform to harm innocent people, Microsoft and Symantec chose to take action against the Bamital botnet to help protect people and advance cloud security for everyone."
A botnet is a network of computers that have been infected by a virus, allowing a hi-tech criminal to control them remotely. In this instance, the Bamital botnet would hijack users' search engine results, tricking them into clicking pay-per-click links on online advertisements. The botnet could also use the infected computers to 'recruit' other machines into the network.
It is believed between 300,000 and 1,000,000 devices may have been actively infected.
Reducing PPC Click Fraud
To combat the botnet, Microsoft and Symantec temporarily disabled infected users' ability to search the web, instead presenting them with a warning screen explaining the problem and how to solve it. "Microsoft is also using the intelligence gathered in this operation to work with Internet service providers and computer emergency response teams to help victims regain control of their computers," said a Microsoft spokesperson.
Botnets are an increasing problem for security firms and computer users alike. Unlike other types of virus, botnets can often operate without having a noticeable effect on the performance of devices, meaning users are unaware they are being targeted. Since 2010, Microsoft has obtained court orders to shut down botnets as part of a wide-ranging operation known as Project MARS (Microsoft Active Response for Security).
Working with US law enforcers to gather evidence on those behind the activity, the firms said 18 ringleaders had been identified. They were believed to be based in several countries, including the UK, Australia and the US.