Microsoft and Symantec researchers busted into two data centers in New Jersey and Virginia today to shut down servers associated with a botnet called Bamital.
The companies had an order from the U.S. District Court in Alexandria, Va., according to Reuters, allowing them to enter the data centers. Those at the New Jersey facility seized one of the servers and shut it down. Others in Virginia convinced workers to contact their Netherlands-based parent company and shut down a server there.
The botnet secretly used victim’s computers to steal advertising revenue. The victims didn’t know this was going on until their computers were suddenly unable to search the Internet. Microsoft and Symantec say those people were served with a message that read, “You have reached this website because you computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer.” It then offered ways to do so.
Bamital is believed to have infected somewhere between 600,000 and 900,000 computers. Microsoft and Symantec are confident they’ve shut down the entire botnet, but notes that only “time will tell,” according to Microsoft’s Digital Crimes Unit’s associate general counsel Richard Boscovich who spoke with Reuters.
This isn’t Microsoft’s first go-around at taking down a botnet, however. In 2011, the company took down the Kelihos botnet, which is small by comparison at on 41,000 infected computers. At the time Microsoft said, however, that the botnet was capable of sending out over 3.8 billion spam emails a day. Microsoft also named suspected perpetrators behind the botnet including a man named Dominique Alexander Piatti.
Later, in 2012, a second and bigger Kelihos botnet was found in the wild. It was subsequently shut down by Russian security firm Kaspersky Lab.