Microsoft Disrupted Cybercrime Botnet That Hijacked PCs

Microsoft Corp., the world’s biggest software maker, said it disrupted a cybercrime operation known as the Bamital botnet that took control of hundreds of thousands of personal computers by infecting them with malicious software.

Microsoft worked with Symantec Corp., the world’s biggest antivirus-software maker, to seize Bamital data and evidence yesterday at Web-hosting facilities in Weehawken, New Jersey, and Manassas, Virginia. Microsoft had filed a lawsuit in federal court in Alexandria, Virginia, on Jan. 31.

The malware hijacked browsers and redirected them to search websites of Bamital’s choosing, according to the complaint. Microsoft and Symantec yesterday directed users to tools designed to help clean affected computers. The number of affected computers ranges between 250,000 and 1 million, Richard Boscovich, assistant general counsel, said in an interview.

“The malware exposed computers to a huge range of security vulnerabilities such as identity theft,” said Boscovich, of Microsoft’s Digital Crimes Unit. “It also potentially took them to other malware.”

Bamital’s actions also took millions of dollars away from the search engines of advertisers, Boscovich said. Through the litigation, filed against “John Does 1-18, Controlling a Computer Botnet Thereby Injuring Microsoft and Its Customers,” Microsoft seeks control over the Bamital botnet, disgorgement of profits, and unspecified compensatory damages and legal costs.

‘Eastern European’

“We definitely believe that it’s of Eastern European origin, and the people behind the botnet are more likely either Russian or Ukranian,” Boscovich said.

Microsoft said that in one instance, company investigators “found that Bamital rerouted a search for ‘Nickelodeon’ to a website that distributed malware, including spyware that is designed to track the activities of the computer owner.”

Since 2010, Bamital has attacked 8.2 million to 8.3 million computers, Boscovich said. Symantec has estimated that 1.2 million to 1.4 million computers were actively infected with the malware since 2011. The current number of infected computers won’t be known for at least 24 hours, Boscovich said.

The lawsuit was filed under several civil laws, including the Lanham Act and the Computer Fraud & Abuse Act. Boscovich said he doesn’t know of a criminal investigation.

The case is Microsoft v. John Does 1-18, 13-cv-00139, U.S. District Court, Eastern District of Virginia (Alexandria).

Before it's here, it's on the Bloomberg Terminal.