Many people still think of malware as software that visibly disrupts normal computer operation. After all, if the computer appears to be working normally, it can't be infected, right? Nothing could be further from the truth. Malware creators are no longer content with simple digital vandalism. The main goal of cybercriminals is not to cause a cyber disaster for the satisfaction of it, but to earn money. In most cases, that goal dictates a completely different approach to how malware behaves on a computer: the best malware is the one the user notices least.
Such stealthy behavior is typical of botnets, for example. They usually consist of thousands of computers, and the largest have reached hundreds of thousands. The owners of these computers have no idea that they are infected. At most they may notice that their computer is running a little slower, which is not so unusual.
Botnets collect personal data including passwords, social security numbers, credit card details, addresses and telephone numbers. This data may be used in crimes such as identity theft, various types of fraud, spam and other harmful content. Botnets can also be used to launch attacks against specific sites and networks.
Taking down a large botnet requires a lot of effort by several cooperating organizations. The most recent example is the Simda botnet, which infected more than 770,000 computers in more than 190 countries, with the United States, the United Kingdom, Turkey, Canada and Russia being the most affected.
Simda is a "selling botnet" used to distribute illegal and malicious software, including programs capable of stealing financial data. Developers of certain malicious programs paid Simda's owners for every single installation. In other words, this botnet was effectively a huge commercial distribution chain between malware writers.
The botnet has been active for many years. To make the malware even more effective, Simda's operators worked hard on new versions of the program, generating and distributing them as often as every few hours. Currently, Kaspersky Lab's virus collection contains more than 260,000 executable files belonging to different versions of Simda.
Is your computer part of the Simda botnet? Check it out!
On Thursday, April 9, 14 Simda botnet command and control servers located in the Kingdom of the Netherlands, the United States, Luxembourg, Russia and Poland were taken down simultaneously.
The list of organizations that helped shut down the botnet highlights its complexity: Interpol, Microsoft, Kaspersky Lab, Trend Micro, the Institute for Cyber Defense in Japan, the FBI, the NHTCU Dutch Police Unit, the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg and the Department Cybercrime "K" of the Russian Ministry of the Interior.
"Botnets are geographically dispersed networks, so disconnecting them is usually a challenge. This is why collaboration between the public and private sectors is so important: each party makes a significant contribution to a joint project," said Vitalij Kamliuk, chief security researcher at Kaspersky Lab, now on a delegation to Interpol. "In this case, Kaspersky Lab's task was to perform technical analysis of the malicious code, collect botnet telemetry data from the Kaspersky Security Network, and advise on strategies to disconnect networks of infected machines."
As the investigation continues, it is too early to say who is behind the Simda botnet. What matters for users is that, as a result of the operation, the command and control servers the criminals used to communicate with infected machines have been shut down. Although the Simda botnet's operation is suspended, the malware is still present on infected computers, and people whose machines have been infected should remove it as soon as possible.