Interpol, tech companies take down Simda botnet

By

"Hide and seek" nature of pay-per-install bot made it a hard catch.

Interpol has led an operation with technology companies to disrupt the Simda botnet, which is thought to have infected more than 770,000 computers worldwide.

Interpol, tech companies take down Simda botnet

In a coordinated series actions last Thursday, 10 command and control servers were seized in the Netherlands, with other servers taken down in the US, Russia, Luxembourg and Poland.

The action was coordinated from the new Internet Digital Crime Centre in Singapore, which worked with Microsoft, Kaspersky Lab, Trend Micro and Japan’s Cyber Defense Institute.

The move came after Microsoft’s Digital Crimes Unit shared analysis that found a sharp increase in Simda infections around the world.

Interpol said in the first two months of 2015, 90,000 new infections were detected in the US alone. The Simda botnet had been seen in more than 190 countries, with the worst affected including the US, UK, Turkey, Canada and Russia.

Simda is a classic "pay-per-install" system whose operators generated income by selling access to the botnet to other criminals who used it to install their own malware.

Its primary functionalities are to re-route internet traffic and to distribute and install additional software packages or modules.

Over time it has been distributed through exploit kits, social engineering, spam mail, BlackHat SEO and mass SQL injection, but the most common infection vector was compromised websites using embedded or injected JavaScript, Microsoft said,

Interpol said Simda had been increasingly refined to exploit any vulnerability, with new and more difficult to detect versions being generated and distributed every few hours.

Microsoft said Simda had posed a "dynamic and elusive threat" since 2009 with functions ranging from a simple password stealer to a complex banking Trojan.

In a blog post, Kapersky's Vitaly Kamluk outlined the "hide and seek" nature of Simda, describing the bot as "mysterious because it rarely appears on our KSN radars despite compromising a large number of hosts every day."

Kapersky has launched a free service allowing users and admins to check whether their IP addresses are listed in a database of infected Simda hosts.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
interpolsecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?