
Microsoft Malware Protection Center finally tames rampant Ramnit botnet

Ramnit, a botnet that infected millions of computers around the world, has been tamed, thanks in part to the Microsoft Malware Protection Center. The takedown operation was a collaboration between Microsoft, Europol, Symantec and others, and it successfully stopped the malware, which worked by disabling virus protection before stealing banking details and personal information from infected machines.

With an estimated 3.2 million computers infected globally, Ramnit has been used by cybercriminals the world over, but the majority of infections were found in Britain. The botnet was brought under control by shutting down several servers used by the group responsible for Ramnit.

Ramnit has been doing the rounds since at least 2010, and Symantec released a removal tool to help people whose computers fell victim. The botnet, which is being described as "module-based malware", remained highly active throughout the years, and Microsoft detected around 500,000 infected machines in the last six months alone.

Wil van Gemert, Europol's deputy director of operations, said:

This successful operation shows the importance of international law enforcement working together with private industry in the fight against the global threat of cybercrime. We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to conduct a variety of cybercrimes.

Ramnit's modular design makes it different from, and more dangerous than, many other examples of malware. Once a machine has been infected, the malware can be upgraded to add more features and to adapt to attempts to remove it. Being composed of modules also meant that different elements of Ramnit could be worked on by different coders and optimized according to task. As Microsoft puts it, "Ramnit has a hot pluggable modular framework design that gives it plenty of flexibility to extend new functionality on demand".

Microsoft advises Windows 8 users to run Windows Defender, while anyone with an older version of the operating system can turn to Microsoft Security Essentials.

Photo credit: kentoh / Shutterstock