Microsoft, Symantec take down Bamital click-fraud botnet

The botnet infected as many as 8 million computers over the past two years, the companies said

Microsoft and Symantec have dismantled a botnet that took over millions of computers for criminal activities such as identity theft and click fraud.

The Bamital botnet threatened the US$12.7 billion online advertising industry by generating fraudulent clicks on Internet ads, which fund many of the free online services available to consumers, the companies said.

As many as 8 million computers were infected with Bamital over the past two years, wrote Richard Domingues Boscovich, assistant general counsel for Microsoft's Digital Crimes Unit, in a blog post Wednesday.

It's the sixth botnet Microsoft has shut down in the past three years, and the second done in cooperation with Symantec, Boscovich wrote.

"Most if not all owners of Bamital-infected computers are unaware that their machines are infected," Microsoft said in a civil suit filed Jan. 31 in U.S. District Court for the Eastern District of Virginia.

The suit asked the court for permission to disrupt the botnet's command-and-control system. U.S. Marshals escorted investigators into Web-hosting facilities in Virginia and New Jersey, where they seized evidence and data, Boscovich wrote.

As in previous botnet-related lawsuits, Microsoft named 18 "John Doe" defendants, several of whom are listed as living in Russia, the U.S. and the U.K. The lawsuit will be amended when the defendants' real names are discovered.

The Bamital code caused users to be shuffled to malicious websites even if they clicked on legitimate search results returned by Microsoft's Bing search engine, as well as those of Yahoo and Google, according to the lawsuit.

By generating unintended clicks and visits, the botnet distorted the online advertising environment by making advertisers pay for clicks that were not genuine, the lawsuit says.

"Simply put, the ad owner paid for internet traffic that is of no use," it states.

Bamital could also steal personal information from computers and conduct distributed denial-of-service attacks, which disrupt websites by bombarding them with too much traffic.

An effort to clean up the infected computers is under way. When people with infected computers complete a search query, they're directed to a Web page from Microsoft and Symantec that explains how to remove the malicious software.

"We've found that cleanup efforts like this not only help clean people's computers, but they also take the very infrastructure the botnet needs to be impactful and profitable away from the cybercriminals," Boscovich wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Jeremy Kirk

IDG News Service