Microsoft and Symantec today announced they have jointly taken down the command and control infrastructure of the Bamital botnet, which managed a massive click-fraud scheme. From Yahoo news:
The companies said that the Bamital operation hijacked search results and engaged in other schemes that the companies said fraudulently charge businesses for online advertisement clicks.
Bamital’s organizers also had the ability to take control of infected PCs, installing other types of computer viruses that could engage in identity theft, recruit PCs into networks that attack websites and conduct other types of computer crimes.
Now that the servers have been shut down, users of infected PCs will be directed to a site informing them that their machines are infected with malicious software when they attempt to search the web.
While they had judicial approval to perform the takedown, it’s interesting that they have rendered upwards of a million PCs unable to use the Internet. Click-fraud is technically easy and amazingly profitable, but it’s not something I have often seen law enforcement go after. Some additional details are on the Microsoft blog, and malware cleanup tools are available on the Microsoft Support Site in case your machine was infected.