Simda botnet taken down by Interpol
Posted by: Timothy Weaver on 04/14/2015 09:20 AM
An international law enforcement operation has taken down the Simda botnet. Infrastructure owned by its controllers was seized, including a number of command-and-control (C&C) servers.

Simda is thought to have infected more than 770,000 computers in 190 countries.
The main hubs of the activity were in the Netherlands, although servers were also seized in the US, Russia, Luxembourg, and Poland.
The botnet is thought to have been distributed via other botnets, malicious websites, and spam emails.
Interpol said that the majority of victims were likely to be unaware that their computer had been compromised.
The malware modifies the Windows hosts file to redirect victims who attempt to visit a number of popular search engines to a malicious IP address instead. Even when removed, the botnet remains active by changing the hosts file and continues to direct the victim to malicious IP addresses, which could be used to infect the victim again.
The agency advised people to check their computers and scan them with up-to-date antivirus software.
Symantec reports the botnet as Trojan.Rloader.B.
Source: Symantec
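
The hosts-file redirection described above can be checked for directly. The following is an added example, not code from the article or from Symantec: it parses hosts-file text and reports entries that map a watched search-engine domain to a non-local address. The watch list and the sample file (with documentation-range IP addresses) are constructed assumptions, since the article does not name the affected search engines.

```python
import ipaddress

# Assumption: illustrative watch list; the article does not name the domains.
WATCHED_DOMAINS = {"google.com", "bing.com", "yahoo.com", "duckduckgo.com"}

# Constructed sample in Windows hosts-file format (not real indicators).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net       # blocklist entry, not a redirect
203.0.113.45    www.google.com google.com
203.0.113.45    WWW.Bing.com.         # case and trailing dot are normalised
192.0.2.10      intranet.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not a mapping
        for name in fields[1:]:                 # one IP may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(host, watched):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watched)

def suspicious_entries(text, watched=WATCHED_DOMAINS):
    """Return watched-domain entries that resolve somewhere other than this host."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        # Loopback and 0.0.0.0 entries block a name rather than redirect it.
        if is_watched(host, watched) and not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, str(ip), host))
    return findings

if __name__ == "__main__":
    # On a live Windows system, read %SystemRoot%\System32\drivers\etc\hosts.
    for line_no, ip, host in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

Any finding means the entry should be removed from the hosts file in addition to running the antivirus scan, because the mapping stays in effect until the file itself is restored.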
