Microsoft and Interpol team up to kill PC malware infection
April 13, 2015
Microsoft and Interpol said today they have teamed up to kill a malware infection that compromised more than 770,000 Windows PCs globally.
Simda is what's called 'pay-per-install' malware: hackers and fraudsters pay miscreants a small amount of money for every 1,000 or so PCs they compromise.
The hackers effectively earn cash by selling access to the infected computers, renting the botnet out to other crooks and miscreants.
Once installed, Simda sets itself up to run after every system startup, then kills off antivirus software, logs the user's keystrokes so it can steal passwords and other sensitive information, and downloads and executes banking Trojans and other malicious programs.
It can also upload copies of the user's files, and so on. It then opens a backdoor to a command-and-control server, so it can receive orders from the brains behind the malware, and then send back any stolen data.
The botnet was 'seeded' by compromising legitimate websites and hijacking them to redirect visitors to sites hosting exploit kits, which are webpages booby-trapped with code that exploits software vulnerabilities to install the malware.
The most heavily infected countries were the U.S., Britain, Brazil, Russia and Turkey, although Simda also spreads its tentacles worldwide.
The vast majority of victims were located in the U.S., where there were more than 90,000 new infections since the start of 2015 alone.
In a series of raids last week, ten command-and-control servers were physically seized in the Netherlands, with additional servers taken down in the U.S., Russia, Luxembourg and Poland.
The operation involved officers from the Dutch National High Tech Crime Unit (NHTCU), the FBI in the U.S. and the Russian Ministry of the Interior's Cybercrime Department, supported by the INTERPOL National Central Bureau in Moscow.
Security firms Trend Micro and Kaspersky Lab provided police with the technical know-how to locate the systems. The crackdown effectively decapitated the botnet by taking away the servers that sent infected PCs their instructions and received swiped passwords and other data.
Windows PCs keelhauled into the botnet remain compromised, hence the need for a cleanup operation. In order to help victims disinfect their PCs, Kaspersky Lab has created a website that will check your public IP address against a database of machines known to be infiltrated by Simda.
This database was lifted from the command-and-control servers during the takedown raids.
If you're after more technical information, Kaspersky Lab and Trend Micro have writeups on their sites.
The Simda botnet takedown comes hot on the heels of similar operations against the Beebone botnet, which also took place last week.
Source: Trend Micro.