New Delhi, In a global operation coordinated by the INTERPOL Global Complex for Innovation in Singapore, a group of leading IT companies including Kaspersky Lab, Microsoft, Trend Micro and Japan’sCyber Defense Institute, in collaboration with law enforcement agencies, have disrupted the Simda criminal botnet – a network of thousands of infected PCs around the world.
In a series of simultaneous actions on Thursday 9 April, 10 command and control servers were seized in the Netherlands, with additional servers taken down in the US, Russia, Luxembourg and Poland. The operation involved officers from the Dutch National High Tech Crime Unit (NHTCU) in the Netherlands, the Federal Bureau of Investigation (FBI) in the US, the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg, and the Russian Ministry of the Interior’s Cybercrime Department “K” supported by the INTERPOL National Central Bureau in Moscow.
This is expected to significantly disrupt the botnet’s operation. It will increase the cost and risk for cybercriminals intent on continuing their illegal business and will prevent victims’ computers from participating in malicious schemes.
Simda is a “pay-per-install” malware used to distribute illicit software and different types of malware, including those capable of stealing financial credentials. The pay-per-install model allows cybercriminals to earn money by selling access to infected PCs to other criminals who then install additional programs on it.
It is distributed by a number of infected websites redirecting to exploit kits. The attackers compromise legitimate web sites/servers so that the web pages served to visitors include malicious code. When users browse these pages, the malicious code silently loads content from the exploit site and infects a non-updated PC.
The Simda botnet has been seen in more than 190 countries, with the US, UK, Russia, Canada and Turkey being the worst affected.
The bot believed to have infected 770, 000 computers worldwide, with the vast majority of victims located in the US (more than 90,000 new infections since the start of 2015).
Active for years, Simda had been increasingly refined to exploit any vulnerability, with new, harder to detect versions being generated and distributed every few hours. At the moment, Kaspersky Lab’s virus collection contains more than 260,000 executable files belonging to different versions of Simda malware .
Information and intelligence is now being gathered in order to identify the actors behind the Simda botnet; the people who applied to their criminal activities the business model of charging affiliate partners.
“This successful operation highlights the value of, and need for partnerships involving national and international law enforcement and private industry in the fight against the global threat of cybercrime,” said Sanjay Virmani, Director of the INTERPOL Digital Crime Centre. “The operation has dealt a significant blow to the Simda botnet. INTERPOL will continue its work to assist member countries in protecting their citizens from cybercriminals and to identify other emerging threats.
(Continue to next page)