Simda botnet taken down by police

Amidst all the bad news about breaches and new variants of viruses comes one small ray of sunshine: The Simda botnet, a password-stealing menace believed to have infected 770,000 computers around the world, has been taken down by the combined efforts of police and a team of security vendors.

Interpol said this morning that 10 Simda command and control servers were seized by police April 9 in the Netherlands, with additional servers taken down in the U.S., Russia, Luxembourg and Poland.

Microsoft’s Digital Crimes Unit provided forensic intelligence to Interpol and other partners after its big data analysis found a sharp increase in the latest variant, Simda.AT, around the world, the international law enforcement co-ordination agency said in a news release.

[Figure: Percentage of Simda.AT machine detections by country, February to March 2015. Graphic from Microsoft.]

Interpol’s Singapore-based Digital Crime Centre (IDCC) worked with Microsoft, Kaspersky Lab, Trend Micro and Japan’s Cyber Defense Institute to perform additional analysis of the Simda botnet, resulting in a ‘heat map’ showing the spread of the infections globally and the location of the command and control servers.

IDCC is part of Interpol’s new innovation complex in Singapore, which was also opened today. It is Interpol’s third digital crime centre for co-ordinating investigations, and it includes a forensics laboratory to support digital crime investigations.

“This successful operation shows the value and need for partnerships between national and international law enforcement with private industry in the fight against the global threat of cybercrime,” IDCC director Sanjay Virmani said in a statement. “This operation has dealt a significant blow to the Simda botnet and Interpol will continue in its work to assist member countries protect their citizens from cybercriminals and to identify other emerging threats.”

In the first two months of this year some 90,000 new infections were detected in the U.S. alone. The Simda botnet has been seen in more than 190 countries, with the worst affected including the U.S., Canada, the U.K., Turkey and Russia.

The operation involved officers from the Dutch National High Tech Crime Unit, the FBI, the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg, and the Russian Ministry of the Interior’s Cybercrime Department “K” supported by the Interpol National Central Bureau in Moscow.

According to Microsoft, the Simda family of malware has been active since 2009. Simda.AT, seen since 2012, is the current version; it is usually spread through compromised websites carrying embedded or injected JavaScript. Microsoft said it has seen about 128,000 new infections a month for the past six months.

Compromised sites were used to redirect users’ traffic to another website, known as a gate. The gate website then redirects the browser to the exploit landing page. In one example Microsoft gives, the landing page runs the Fiesta exploit kit, which can deliver malicious Shockwave Flash files, malicious Java applet files and malicious Silverlight files.
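As an added illustration (not code from the article, Microsoft or any of the vendors named), the compromised-site → gate → landing-page chain described above can be surfaced in web-proxy logs by walking Referer headers backwards from a Flash, Java or Silverlight download; the log lines and hostnames below are constructed placeholders.

```python
"""Flag proxy-log downloads that sit at the end of a multi-hop redirect chain,
the distribution pattern the article describes for Simda.AT."""
from urllib.parse import urlsplit

# Payload types the article attributes to the Fiesta kit: Flash, Java applet, Silverlight.
EXPLOIT_CONTENT_TYPES = {
    "application/x-shockwave-flash",
    "application/java-archive",
    "application/x-silverlight-app",
}

# Constructed sample log: (client, url, content_type, referer). Hostnames are placeholders.
SAMPLE_LOG = [
    ("10.0.0.5", "http://news-site.example/article.html", "text/html", "-"),
    ("10.0.0.5", "http://gate.example/go.php?id=7", "text/html", "http://news-site.example/article.html"),
    ("10.0.0.5", "http://landing.example/index.php?k=abc", "text/html", "http://gate.example/go.php?id=7"),
    ("10.0.0.5", "http://landing.example/f.swf", "application/x-shockwave-flash", "http://landing.example/index.php?k=abc"),
    # Benign: a video site loading its own player from a CDN (only two hosts involved).
    ("10.0.0.6", "http://cdn.example/player.swf", "application/x-shockwave-flash", "http://video.example/watch"),
]

def referer_chain(entries, idx):
    """Follow Referer links backwards from entries[idx] for the same client.
    Returns the URLs in visit order (earliest first); stops on loops or unknown referers."""
    client, url, _, referer = entries[idx]
    by_url = {e[1]: e[3] for e in entries[:idx] if e[0] == client}  # url -> its referer
    chain = [url]
    while referer != "-" and referer not in chain and len(chain) < 10:
        chain.append(referer)
        referer = by_url.get(referer, "-")
    return list(reversed(chain))

def distinct_hosts(chain):
    """Collapse a URL chain to the sequence of hostnames, dropping consecutive repeats."""
    hosts = []
    for u in chain:
        h = urlsplit(u).hostname or ""
        if not hosts or hosts[-1] != h:
            hosts.append(h)
    return hosts

def find_exploit_chains(entries, min_hosts=3):
    """Return (client, hosts) for each exploit-type download reached through at least
    min_hosts distinct hosts: compromised site, gate and landing page."""
    findings = []
    for i, (client, _, ctype, _) in enumerate(entries):
        if ctype in EXPLOIT_CONTENT_TYPES:
            hosts = distinct_hosts(referer_chain(entries, i))
            if len(hosts) >= min_hosts:
                findings.append((client, hosts))
    return findings

if __name__ == "__main__":
    for client, hosts in find_exploit_chains(SAMPLE_LOG):
        print(client, " -> ".join(hosts))
```

The three-host threshold is what separates the article's chain from an ordinary site loading a plugin file from its own CDN; tune it, and the content-type set, to the environment's baseline.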

Many antivirus scanners will catch Simda. Microsoft has developed a free cleaning agent for Simda: see Microsoft Safety Scanner and Microsoft Security Essentials, or run Windows Defender.

Kaspersky Lab has set up a self-check webpage where the public can see if their IP address has been found to be part of the Simda botnet: https://checkip.kaspersky.com

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com