Microsoft and Interpol teamed up to stop the spread of a piece of malware (Simda) that had compromised over 770,000 Windows computers worldwide.
Simda is "pay-per-install" malware: fraudsters pay a sum of money for every 1,000 infected computers. So the hackers make a lot of money selling infected computers, and the scammers behind the scheme grow their botnet by constantly adding newly infected computers.
The Simda malware, once installed, is programmed to run after every boot of the infected system. It stops any antivirus software from running and records the user's keystrokes so that it can steal passwords and other sensitive information. The malware also downloads and executes banking Trojans and other malicious programs.
It opens a backdoor to communicate with its command and control server, so that it can take orders from the brains behind the malware and send them all of the stolen data.
The botnet was spread by compromising legitimate websites and redirecting their visitors to websites hosting exploit kits.
The most affected countries were the US, the UK, Russia, Canada and Turkey, although Simda had spread its tentacles all over the world. The vast majority of victims were in the US, where there were more than 90,000 new infections since the start of 2015 alone.
The raids began last Thursday and resulted in the seizure of 10 command and control servers in the Netherlands, the USA, Russia, Luxembourg and Poland. The operation involved officers from the Netherlands High-Tech Crime Prosecution (NHTCU), the FBI in the US, and the Russian Cybercrime Department "K", supported by the Interpol National Central Bureau in Moscow.
Security companies Trend Micro and Kaspersky Lab helped the authorities with their expertise in locating the systems. The raid appears to have effectively dismantled the botnet by removing the servers that sent commands to the infected PCs.
The takedown of the Simda botnet came after the "dismantling" of the Beebone botnet, which took place last week.