Microsoft techies bust data centres, pull plug on Bamital botnet

The Bamital web-search-hijacking botnet has been taken down by security researchers from Microsoft and Symantec with help from the Feds. The crack unit raided a number of data centres where the botnet's servers were located. Bamital malware intercepted victims' search requests - including those sent to Google, Yahoo! and …


This topic is closed for new posts.
  1. Chris007

    chalk one for the good guys

    Yes, I know if Microsoft's OS were more resilient they wouldn't have had to do this, but at least they are doing something. We'd be pillorying them if they did nothing.

    1. JDX Gold badge

      Re: chalk one for the good guys

      These botnets target desktops if I understand rightly, but with the explosion in the number of servers running is it likely we'll see botnets attacking cloud servers, etc? In that world, targeting Linux would be the obvious route just as targeting Android in the mobile space is the sensible choice.

      1. eulampios


        Explain to me, JDX, how would they "infect" my Linux box to redirect away from where I want? Not all the universe lives by the laws invented by Microsoft.

        As for Android, don't install from outside of Google Play and read the permissions of an app before you install it. No need for Microsoft coming to the rescue.

    2. Destroy All Monsters Silver badge

      Re: chalk one for the good guys

      > We'd be pillorying them if they did nothing.

      Yeah, they taxed us already, so they better get their asses in gear.

    3. MIc

      Re: chalk one for the good guys

      "if Microsoft's OS were more resilient" - how do you prevent uneducated users from installing malware? You can go the walled garden approach such as the Surface RT, but then people complain that it is not an open platform....

      1. This post has been deleted by its author

      2. eulampios


        how do you prevent uneducated users from installing malware?

        You don't know? In many ways:

        -- by creating trusted repositories or ports, no walled gardens here

        -- by creating a transparent API that mandates the permissions of an application

        -- by writing better software

        -- by opening up their source code

        -- by making the quality of the software their priority



    4. eulampios

      Re: chalk one for the good guys

      Undoing what they have originally done?

  2. This post has been deleted by its author

  3. Sil

    Kudos to Microsoft

    Kudos to Microsoft for its continued work on security and its fight against crooks.

  4. Anonymous Coward

    Microsoft should change their policies a little bit IMO...

    "More than eight million Windows-powered computers have been attacked by Bamital over the last two years, according to security researchers at Microsoft and Symantec."

    What is the first thing someone who uses an illegal (unlicensed) version of Windows will do? Turn off the automatic updates, because there's (usually) nothing coming in, and when it does (and the illegal copy is identified) an update will quite likely render the box unusable. Thus: turn it off.

    Now, I can understand that Microsoft wants to target piracy; after all, it's basically going after extra money like any company would try to do. However, the downside to all of that is that a lot of PCs out there will remain unpatched and thus form potential targets for people trying to abuse those boxes. And by abuse I'm of course talking about (more) real abuse, the kind which hinders quite a lot of people.

    To that end I think Microsoft should consider pushing out security updates no matter what kind of OS is getting them, then perhaps try to get the "baddies" by luring them into downloading "free" software which then ends up only usable on a genuine copy of Windows.

    Of course there are plenty of downsides to that scenario as well, sure, but IMO the whole issue of unlicensed Windows copies where the owner stops updating his PC is a huge problem on its own. In fact, it's the kind of problem which basically causes raids like this to happen.

    So why not try and take this somewhat higher in the food chain?

    1. Tim Jenkins

      Re: Microsoft should change their policies a little bit IMO...

      Not to mention the April 8, 2014 end of support for all those perfectly legal, fully patched and completely functional XP SP3 boxes out there (three in my house alone), which will then be wide open to the "all-but-inevitable attacks criminals will unleash against the OS once the flow of patches ceases." (

      1. Anomalous Cowturd

        @ Tim Jenkins


        1. Tim Jenkins

          Re: @ Tim Jenkins

          Only when my Steam games all run on it ; )

          But seriously, my reply was to a post pointing out that Microsoft inflicts hundreds of millions of potential (or actual) botnetted PCs on the world because of their refusal to patch 'illegal' installations of XP. If (as I suspect) most of the owners of 'legal' XP SP3s are unlikely to wipe-and-reinstall with a free operating system or Windows 8 (no application or settings migration from XP to Win8, remember?) come April 2014, this 'dirty' pool will only grow larger until natural attrition finally kills off the last of the XP hardware, which could take a while*.

          *My 'best' XP box is a 4GB 2GHz Core2Duo Thinkpad, very low mileage and about 4 years old, but running a 13-year-old OS because it's an ex-'business' model and shipped with licence downgrade rights from Vista. I'd fully expect it to last another 4 years, but the OS effectively self-destructs in about 420 days...

          1. Ian 55

            Re: @ Tim Jenkins

            If you're treating it as a game box (what the Windows PC here is) you can limit its connections to the outside world to Steam and nowhere else. It will keep running happily and you'll be able to Steam ahead until everything runs natively or under WINE.

  5. TeeCee Gold badge

    "The crack unit..."

    To avoid confusion we'd better start referring to the Win 8 UI design team as "The LSD and Ketamine cocktail unit" then.

    1. Destroy All Monsters Silver badge

      Re: "The crack unit..."

      More briefly, "The Krokodil"

  6. This post has been deleted by a moderator

    1. Rick Giles

      Re: They should be called WindowsNets not Botnets

      You are a voice of reason. Prepare for the MS fanboi flames.

      1. Jamie Jones Silver badge

        Re: They should be called WindowsNets not Botnets

        > You are a voice of reason. Prepare for the MS fanboi flames.

        Nope, Eadon is nothing more than a parrot. In this case, his post-title is good, but the message is the same old same old Eadon crap, that must cause many Linux devotees to face-palm when they read his unsubstantiated posts.

        And no, I'm not an MS fanboi - that couldn't be further from the truth

  7. John Lilburne Silver badge

    And where were ...

    ... the ad agencies like Google that were still profiting from all this click fraud? Setting up new tax avoidance schemes no doubt.

    1. Destroy All Monsters Silver badge

      Re: And where were ...

      "Tax avoidance schemes"


      "Robbery evasion", amirite?

      If only one could valid aircraft for all the robbing. Instead, one gets served with talking airheads.

  8. This post has been deleted by its author

    1. Rick Giles

      People who run Windows on servers

      are the same ones that have unbalanced ceiling fans in their house.

      Nuf said.

  9. Robert Helpmann?? Silver badge

    Preying on the Weak

    For example, Microsoft investigators found that Bamital rerouted a search for "Nickelodeon" to a website that distributed spyware.

    Not just pushing out malware, but targeting kids, too? The bastards!

    No, there is no irony here. Just shoot/hang/nucleardetonate them. I have little tolerance for malware writers, even if I do understand the motivation in many cases. I have none at all for someone who deliberately goes after a child.

  10. Anonymous Coward

    Servers in USA?

    I was surprised that seized servers associated with controlling the botnet were found in web-hosting facilities in Virginia and New Jersey. I'd have thought they'd have been hosted in countries that don't have as many laws in place. However, if I read the linked-to report, it may answer that...


Biting the hand that feeds IT © 1998–2019