Microsoft and Symantec bust cybercrime network behind Bamital botnet

Microsoft and security firm Symantec have busted an international cybercrime ring, Reuters has reported. The two companies said they disrupted the operation by shutting down servers that accessed hundreds of thousands of computers without their owners’ knowledge or permission.

PCs infected with the botnet, called Bamital, were temporarily unable to carry out web searches, but Microsoft and Symantec made free clean-up tools available directly to users of infected computers.

A US district court ordered Microsoft to halt the botnet - the sixth time this has happened since 2010.

"The data we have shows that the infections were extremely global, with the largest number of users in the United States," said Symantec research manager Vikram Thakur, who added that Bamital was a medium-sized botnet, with between 300,000 and one million machines estimated to have been infected.

"When we started following the botnet a year ago, it went through several iterations over the year's time. For us to gather all the evidence, to understand how to put a plan together to spare users from negative effects after it went down, it took about a year," Thakur added.

The botnet reportedly worked by redirecting links that appeared in users' search results to malicious webpages whose owners had “financial relationships” with Bamital's authors.

"This is just the tip of the iceberg in the world of click fraud," said Thakur.

The operation behind Bamital is thought to have netted at least $1 million (£640,000) per year, though more details about the size and scope of the network are still being investigated. An attorney with Microsoft’s Digital Crimes Unit said the botnet was likely to have originated in Russia or the Ukraine.