Microsoft, Symantec Bust Botnet - GoFuckYourself.com

lezinterracial · 02-08-2013, 06:36 AM

http://www.cnbc.com/id/100442825

Software makers Microsoft and Symantec said they disrupted a global cyber crime operation by shutting down servers that controlled hundreds of thousands of PCs without the knowledge of their users.

The move made it temporarily impossible for infected PCs around the world to search the web, though the companies offered free tools to clean machines through messages that were automatically pushed out to infected computers.

Technicians working on behalf of both companies raided data centers in Weehawken, New Jersey, and Manassas, Virginia, on Wednesday, accompanied by U.S. federal marshals, under an order issued by the U.S. District Court in Alexandria, Virginia.

They seized control of one server at the New Jersey facility and persuaded the operators of the Virginia data center to take down a server at their parent company in the Netherlands, according to Richard Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit.

Boscovich told Reuters that he had "a high degree of confidence" that the operation had succeeded in bringing down the cyber crime operation, known as the Bamital botnet.

"We think we got everything, but time will tell," he said.

The servers that were pulled off line on Wednesday had been used to communicate with what Microsoft and Symantec estimate are between 300,000 and 1 million PCs currently infected with malicious software that enslaved them into the botnet.

Hijacking Searches

The companies said that the Bamital operation hijacked search results and engaged in other schemes that the companies said fraudulently charge businesses for online advertisement clicks.

Bamital's organizers also had the ability to take control of infected PCs, installing other types of computer viruses that could engage in identity theft, recruit PCs into networks that attack websites and conduct other types of computer crimes.

Now that the servers have been shut down, users of infected PCs will be directed to a site informing them that their machines are infected with malicious software when they attempt to search the web.

Microsoft and Symantec are offering them free tools to fix their PCs and restore access to web searches via messages automatically pushed out to victims.

The messages warn: "You have reached this website because your computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer."

It was the sixth time that Microsoft has obtained a court order to disrupt a botnet since 2010. Previous operations have targeted bigger botnets, but this is the first where infected users have received warnings and free tools to clean up their machines.

Microsoft runs a Digital Crimes Unit out of its Redmond, Washington, headquarters that is staffed by 11 attorneys, investigators and other staff who work to help law enforcement fight financial crimes and exploitation of children over the web.

Symantec approached Microsoft about a year ago, asking the maker of Windows software to collaborate in trying to take down the Bamital operation. Last week they sought a court order to seize the Bamital servers.

The two companies said they conservatively estimate that the Bamital botnet generated at least $1 million a year in profits for the organizers of the operation. They said they will learn more about the size of the operation after they analyze information from infected machines that check in to the domains once controlled by Bamital's servers.

Their complaint identified 18 "John Doe" ringleaders, scattered from Russia and Romania to Britain, the United States and Australia, who registered websites and rented servers used in the operation under fictitious names. The complaint was filed last week with a federal court in Alexandria and unsealed on Wednesday.

The complaint alleges that the ringleaders made money through a scheme known as "click fraud" in which criminals get cash from advertisers who pay websites commissions when their users click on ads.

Bamital redirected search results from Google, Yahoo and Microsoft's Bing search engines to sites with which the authors of the botnet have financial relationships, according to the complaint.

The complaint also charges that Bamital's operators profited by forcing infected computers to generate large quantities of automated ad clicks without the knowledge of PC users.

Symantec researcher Vikram Thakur said Bamital is just one of several major botnets in a complex underground "click fraud ecosystem" that he believes generates at least tens of millions of dollars in revenue.

He said that researchers at will comb the data on the servers in order to better understand how the click fraud ecosystem works and potentially identify providers of fraudulent ads and traffic brokers.

"This is just the tip of the iceberg in the world of click fraud," said Thakur.

Boscovich said he believes the botnet originated in Russia or Ukraine because affiliated sites install a small text file known as a cookie that is written in Russian on infected computers.

The cookie file contains the Russian phrase "yatutuzebil," according to the court filing. That can loosely be translated as "I was here," he said.

Microsoft provided details on the takedown operation on its blog: here

adultmobile · 02-08-2013, 09:23 AM

This post misses the names.

http://krebsonsecurity.com/2013/02/m...amital-botnet/

http://arstechnica.com/security/2013...-and-symantec/

...the Bamital botnet. a multi-million dollar crime machine that used malicious software to hijack search results. A server in an ISPrime data center in Weehawken, New Jersey was seized, while the operators of a LeaseWeb data center in Manassas, Virginia voluntarily shut down a server at the company's headquarters in the Netherlands.

VamosNicholas · 02-08-2013, 10:16 AM

I don't know why but I always laugh a bit when I hear the term botnet. Shit is some serious business though, some of the larger botnets allegedly have/had millions of machines under their control. I also think it's interesting how there's been the transition by hackers from fucking up other people's computers to money making endeavors.

Due · 02-08-2013, 10:38 AM

In 2011, Microsoft and Symantec were able to monitor the traffic going to one of the botnet's servers. "We got back data that showed that 3 million clicks were being hijacked by that server on a daily basis," Thakur said. Based on a conservative estimate of a payment for one-tenth of a percent of the advertising value for each click, the companies determined the fraud ring was pulling in over $1 million a year from advertising networks. "And it could have been 2 or 3 times that much," he said.

3 million clicks a day makes you 1 million a year ??? LOL they are doing a horrible job !

02-08-2013, 06:36 AM	#1
lezinterracial Confirmed User Industry Role: Join Date: Jul 2012 Posts: 3,064	Microsoft, Symantec Bust Botnet http://www.cnbc.com/id/100442825 Software makers Microsoft and Symantec said they disrupted a global cyber crime operation by shutting down servers that controlled hundreds of thousands of PCs without the knowledge of their users. The move made it temporarily impossible for infected PCs around the world to search the web, though the companies offered free tools to clean machines through messages that were automatically pushed out to infected computers. Technicians working on behalf of both companies raided data centers in Weehawken, New Jersey, and Manassas, Virginia, on Wednesday, accompanied by U.S. federal marshals, under an order issued by the U.S. District Court in Alexandria, Virginia. They seized control of one server at the New Jersey facility and persuaded the operators of the Virginia data center to take down a server at their parent company in the Netherlands, according to Richard Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit. Boscovich told Reuters that he had "a high degree of confidence" that the operation had succeeded in bringing down the cyber crime operation, known as the Bamital botnet. "We think we got everything, but time will tell," he said. The servers that were pulled off line on Wednesday had been used to communicate with what Microsoft and Symantec estimate are between 300,000 and 1 million PCs currently infected with malicious software that enslaved them into the botnet. Hijacking Searches The companies said that the Bamital operation hijacked search results and engaged in other schemes that the companies said fraudulently charge businesses for online advertisement clicks. Bamital's organizers also had the ability to take control of infected PCs, installing other types of computer viruses that could engage in identity theft, recruit PCs into networks that attack websites and conduct other types of computer crimes. Now that the servers have been shut down, users of infected PCs will be directed to a site informing them that their machines are infected with malicious software when they attempt to search the web. Microsoft and Symantec are offering them free tools to fix their PCs and restore access to web searches via messages automatically pushed out to victims. The messages warn: "You have reached this website because your computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer." It was the sixth time that Microsoft has obtained a court order to disrupt a botnet since 2010. Previous operations have targeted bigger botnets, but this is the first where infected users have received warnings and free tools to clean up their machines. Microsoft runs a Digital Crimes Unit out of its Redmond, Washington, headquarters that is staffed by 11 attorneys, investigators and other staff who work to help law enforcement fight financial crimes and exploitation of children over the web. Symantec approached Microsoft about a year ago, asking the maker of Windows software to collaborate in trying to take down the Bamital operation. Last week they sought a court order to seize the Bamital servers. The two companies said they conservatively estimate that the Bamital botnet generated at least $1 million a year in profits for the organizers of the operation. They said they will learn more about the size of the operation after they analyze information from infected machines that check in to the domains once controlled by Bamital's servers. Their complaint identified 18 "John Doe" ringleaders, scattered from Russia and Romania to Britain, the United States and Australia, who registered websites and rented servers used in the operation under fictitious names. The complaint was filed last week with a federal court in Alexandria and unsealed on Wednesday. The complaint alleges that the ringleaders made money through a scheme known as "click fraud" in which criminals get cash from advertisers who pay websites commissions when their users click on ads. Bamital redirected search results from Google, Yahoo and Microsoft's Bing search engines to sites with which the authors of the botnet have financial relationships, according to the complaint. The complaint also charges that Bamital's operators profited by forcing infected computers to generate large quantities of automated ad clicks without the knowledge of PC users. Symantec researcher Vikram Thakur said Bamital is just one of several major botnets in a complex underground "click fraud ecosystem" that he believes generates at least tens of millions of dollars in revenue. He said that researchers at will comb the data on the servers in order to better understand how the click fraud ecosystem works and potentially identify providers of fraudulent ads and traffic brokers. "This is just the tip of the iceberg in the world of click fraud," said Thakur. Boscovich said he believes the botnet originated in Russia or Ukraine because affiliated sites install a small text file known as a cookie that is written in Russian on infected computers. The cookie file contains the Russian phrase "yatutuzebil," according to the court filing. That can loosely be translated as "I was here," he said. Microsoft provided details on the takedown operation on its blog: here __________________ Live Sex Shows

02-08-2013, 09:23 AM	#2
adultmobile No, I am not banned Industry Role: Join Date: Nov 2003 Location: ChatGF.com Posts: 5,345	This post misses the names. http://krebsonsecurity.com/2013/02/m...amital-botnet/ http://arstechnica.com/security/2013...-and-symantec/ ...the Bamital botnet. a multi-million dollar crime machine that used malicious software to hijack search results. A server in an ISPrime data center in Weehawken, New Jersey was seized, while the operators of a LeaseWeb data center in Manassas, Virginia voluntarily shut down a server at the company's headquarters in the Netherlands. __________________ TubeCamGirl.com

02-08-2013, 10:38 AM	#4
Due Confirmed User Industry Role: Join Date: Mar 2001 Location: Murrieta, CA Posts: 3,620	In 2011, Microsoft and Symantec were able to monitor the traffic going to one of the botnet's servers. "We got back data that showed that 3 million clicks were being hijacked by that server on a daily basis," Thakur said. Based on a conservative estimate of a payment for one-tenth of a percent of the advertising value for each click, the companies determined the fraud ring was pulling in over $1 million a year from advertising networks. "And it could have been 2 or 3 times that much," he said. 3 million clicks a day makes you 1 million a year ??? LOL they are doing a horrible job ! __________________ I buy plugs Skype: Due_Global /Due

02-08-2013, 10:16 AM	#3
VamosNicholas Confirmed User Industry Role: Join Date: Oct 2012 Posts: 181	I don't know why but I always laugh a bit when I hear the term botnet. Shit is some serious business though, some of the larger botnets allegedly have/had millions of machines under their control. I also think it's interesting how there's been the transition by hackers from fucking up other people's computers to money making endeavors.