Microsoft and Interpol have worked together to take down the Simda malware, which has compromised over 770,000 Windows computers around the world.
Simda is "pay-per-install" software: scammers pay a certain amount of money for every 1,000 infected computers. The hackers thus earn quite a bit of cash by selling infected computers, and the crooks behind the scam keep growing their botnet by constantly adding newly infected machines.
Once installed, the Simda malware is programmed to run after every boot of the infected system. It stops any antivirus software that is running and logs the user's keystrokes so that it can steal passwords and other sensitive information. The malware also downloads and executes banking Trojans and other malware.
It also opens a backdoor to its command-and-control server, through which it takes orders from the operators behind the malware and sends them all the stolen data.
The botnet was spread by compromising legitimate websites and redirecting their visitors to sites hosting exploit kits.
The most heavily infected countries were the United States, the United Kingdom, Russia, Canada and Turkey, although Simda had spread its tentacles all over the world. The overwhelming majority of victims were in the US, which saw more than 90,000 new infections since the beginning of 2015 alone.
The raids began last Thursday and resulted in the seizure of 10 command-and-control servers in the Netherlands, the US, Russia, Luxembourg and Poland. Taking part in the operation were officers from the Dutch National High Tech Crime Unit (NHTCU), the FBI in the US, and the Russian Cybercrime Department "K", supported by the Interpol National Central Bureau in Moscow.
Security companies Trend Micro and Kaspersky Lab assisted the authorities with their expertise in locating the systems. The raid appears to have effectively destroyed the botnet by removing the servers that sent commands to the infected PCs.
The takedown of the Simda botnet came after the "dismantling" of the Beebone botnet, which took place last week.