
Law enforcement closes down massive botnet of 770,000 computers

The botnet, known as Simba, has according to Ars Technica been capable of infecting an additional 128,000 new computers each month over the past half year. It operated so successfully for so long because the backdoor trojan it relies on “regenerated” into a new form every few hours.
Even if one form was picked up by antivirus software, a few hours later it was gone and the botnet was infecting new machines again. In this way, Simba spread itself around the world on a sort of malicious holiday, gallivanting from place to place as it chose and immune to whatever it encountered.
The takedown was finally executed last Thursday and Friday. Organised by the Interpol Global Complex for Innovation in Singapore, it included officers working for the Dutch National High Tech Crime Unit, the US FBI, the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg and the Russian Ministry of the Interior’s Cybercrime Department.
The group worked closely with Japan’s Cyber Defense Institute, Microsoft and security firms Kaspersky Lab and Trend Micro to carry out a sophisticated simultaneous seizure of 14 Simba command and control servers located in the Netherlands, US, Luxembourg, Poland and Russia. The operation was completed successfully and Simba is no more.
Simba operated by modifying the Windows hosts file, which maps domain names to IP addresses and is consulted before any DNS lookup, so Windows networking relies on its contents being correct. The malware used this mapping to hijack users’ web searches.
When a user tried to visit domains including connect.facebook.net, they were actually redirected to servers run by the attackers, where their banking credentials were often stolen. It is important to note that if Simba is installed on your machine, the hosts file entries remain in place, so your searches will still be redirected now even though the servers are no longer live.
Kaspersky Lab is running a detection page which you can use to check if you were infected. You can also manually check your hosts file at C:\Windows\System32\drivers\etc\hosts on a typically configured system.
If you are a “normal” user of Windows, the file is likely to include only entries for the IP address “127.0.0.1”, mapped to “localhost”. If you see any of the domain names mentioned in this article listed, they were added by Simba and should be removed along with any other suspicious entries.
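The manual hosts-file check described above, automated as an added example that is not part of the article: it parses the file in the same way Windows does (first field is the address, remaining fields are names, `#` starts a comment) and flags every mapping other than the loopback entries for localhost. The sample hosts file is constructed for the demonstration; on a real machine, read the contents of `HOSTS_PATH` instead.

```python
"""Audit a Windows hosts file for entries a typical system would not contain."""
import ipaddress

# Hosts file location on a typically configured Windows system (from the article).
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# The only mappings an untouched hosts file is expected to carry.
BENIGN = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Domain the article names as redirected by the malware.
KNOWN_HIJACKED = {"connect.facebook.net"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping, ignoring comments/blanks."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing or full-line comments
        if not line:
            continue
        fields = line.split()                 # "<address> <name> [<name> ...]"
        for name in fields[1:]:
            yield fields[0], name.lower(), line_no


def audit_hosts(text):
    """Return [(line_no, ip, hostname, reason)] for every entry worth reviewing."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if (ip, name) in BENIGN:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, name, "malformed address"))
            continue
        if name in KNOWN_HIJACKED:
            reason = "domain the article says Simba redirected"
        elif addr.is_loopback:
            reason = "non-localhost name pinned to loopback"
        else:
            reason = "name pinned to a fixed address, bypassing DNS"
        findings.append((line_no, ip, name, reason))
    return findings


# Constructed sample: Microsoft's default comment block plus two injected redirects.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1 localhost
::1 localhost
203.0.113.10 connect.facebook.net   # injected by malware (constructed)
203.0.113.10 www.example-bank.test  # injected by malware (constructed)
"""

if __name__ == "__main__":
    for line_no, ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {name}: {reason}")
```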
With this massive botnet gone, the Internet has become just a little bit safer. Many more still exist of course but it is encouraging to see such a large collective working in unison to achieve the simultaneous takedown of so many maliciously-operated servers.
