Symantec and Microsoft Take Down Huge Botnet “Bamital”
Symantec and Microsoft recently took down 'Bamital,' a huge botnet that ran click-fraud operations. The network had existed since 2009 in numerous versions, generating millions of US dollars in fraudulent revenue for its bot-masters while also distributing additional malicious software such as scareware.
According to Symantec, the botnet flourished by hijacking the clicks users made on the search engines the malware targeted. During the attacks, clicks on malicious web links or advertisements were diverted to the cyber crooks' remote server, which matched the search terms with the source of the clicks in order to redirect victims.
Symantec security investigators Vikram Thakur and Piotr Krysiuk posted an example: suppose an end-user searched online for anti-virus software, and one of the resulting URLs was meant to lead to a Symantec-owned website. The malicious remote server would use that information to divert the end-user's hijacked PC to a third-party site that displayed Symantec's brand and pushed fake AV, known as scareware. In this way Bamital's masters acted as ad networks and earned payments from advertisers, they wrote. Threatpost.com published this on February 6, 2013.
Jeff Williams, present Director of Dell SecureWorks' Security Strategy Unit, said that Bamital worked by diverting the websites a Web surfer clicked among the results returned by search engines such as Yahoo, Bing and Google to sites the botnet's perpetrators controlled. Specifically, Bamital would subvert valid search results, he explained. Cnet.com published this on February 6, 2013.
Richard Boscovich, Assistant General Counsel with the Digital Crime Unit of Microsoft, added that he is sure the botnet originated in Ukraine/Russia, because associated websites plant a tiny text file, known as a cookie, on contaminated PCs, and that file uses the Russian language. The cookie contains the Russian phrase "yatutuzebil," roughly meaning "I was here," he says. Reuters.com published this on February 6, 2013.
Boscovich also states that, since 2010, Bamital has damaged 8.2m-8.3m PCs. Symantec estimates that 1.2m-1.4m PCs have been contaminated with Bamital since 2011, and Boscovich says it will take 24 hours or more to know the present count of Bamital-contaminated PCs, as Bloomberg.com published on February 7, 2013.