It sounds like the plot of movie: two major software corporations join together to shut down an evil global cyber crime operation and engage in wacky hijinks along the way. While the latter can be neither confirmed nor denied, according to an exclusive report by Reuters, Microsoft and Symantec did shut down servers that had been controlling hundreds of thousands of PCs without their users being any the wiser.
Bamital botnet’s — the major cyber crime operation’s — main attack involved hijacking search results, among other schemes, that would allow them to fraudulently charge businesses with online ad clicks. The over 18 ringleaders from around the world registered websites and rented servers using pseudonyms. This allowed Bamital to redirect users’ search results to the fraudulent websites, where they would be able to benefit from any subsequent clicks.
Technicians raided data centres with US federal marshalls in tow and were able to persuade operators to take down a server all the way in the Netherlands. According to Microsoft’s and Symantec’s estimations, somewhere between 300,000 and 600,000 were carrying the malware that tethered them to Bamital botnet.
Of course, shutting down the servers meant that infected PCs were temporarily unable to surf the web, but free tools to clean out the malware are automatically being sent to the infected machines along with the following message:
You have reached this website because your computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer.
And both companies lived happily ever after. [Reuters]