Is your PC a part of botnet? Check it!

Many people still think that malware is a software that completely disrupts normal functioning of PCs. If your computer is working tip-top, it means it‘s not infected, right? Wrong. Malware creators are

checkip_EN

Many people still think that malware is a software that completely disrupts normal functioning of PCs. If your computer is working tip-top, it means its not infected, right? Wrong. Malware creators are not your bored cyber-cowboys anymore. The main goal of cybercriminals is not to make a cyber-badaboom just for kicks, but to earn money. In many cases this goal dictates completely opposite behaviour of malware: the best one is the least visible to users. 

For instance, such stealthbehaviour is often typical for botnets. Usually they consist of thousands of PCs, and if were talking about hugest ones, its hundreds of thousands of PCs. Owners of these computers dont have any clues that they are infected. All they can see is that PC works a bit slower, which is not unusual for PCs in general. 
Botnets are designed to gather personal data including passwords, social security numbers, credit card details, addresses and telephone numbers. This data may be used in crimes including identity theft, various types of fraud, spamming, and other malware distribution. Botnets can also be used to launch attacks on websites and networks.

It always takes a lot of efforts of many cooperating parties to shut down the large botnet. Recent example is Simda botnet, which is believed to have infected more than 770,000 computers in more than 190 countries. The most affected countries are the US, UK, Turkey, Canada and Russia.

botnet-simda-countries

Simda is, as one can say, vending botnetused to distribute illicit software and different types of malware, including those capable of stealing financial credentials. Creators of the specific malicious programs were simply paying Simda owners fee per each install. In other words, this botnet was a kind of huge trade chain for malware manufacturersThe botnet was active for years. To make malware more effective, Simda owners were working hard on new versions, generating and distributing them as frequently as every few hours. At the moment, Kaspersky Labs virus collection contains more than 260,000 executable files belonging to different versions of Simda malware.

A simultaneous take-down of 14 command and control servers of Simda botnet located in the Netherlands, US, Luxembourg, Russia and Poland was carried out on Thursday 9 April.

The list of organisation involved in this shut down operation perfectly illustrates its complexity. INTERPOL, Microsoft, Kaspersky Lab, Trend Micro, Cyber Defense Institute, FBI, Dutch National High-Tech Crime Unit (NHTCU), Police Grand-Ducale Section Nouvelles Technologies in Luxembourg, and Russian Ministry of the Interiors Department K were working together to counteract the cybercriminals.

Botnets are geographically distributed networks and it is usually a challenging task to take down such a thing. Thats why the collaborative effort of both private and public sectors is crucial here 
every party makes its own important contribution to the joint project, said Vitaly Kamluk, Principal Security Researcher at Kaspersky Lab, and currently on secondment to INTERPOL. In this case, Kaspersky Labs role was to provide technical analysis of the bot, collect botnet telemetry from the Kaspersky Security Network and advise on takedown strategies.As investigation is still ongoing, it is too early to tell who is behind the Simda botnet. What is important for us, users, is that as a result of the disruption operation, command and control servers used by criminals to communicate with infected machines have been shut down. Although the Simda botnet operation is suspended, people whose PCs were infected should get rid of this malware as soon as possible. Using information retreived from Simda botnet command and control servers Kaspersky Lab has created a special page where you can check, if your computers IP address is in the list of infected ones. 

Click here to check your computer

Click here to check your computer

Another option to make sure everythings alright with your PC is to use a free Kaspersky Security Scan tool or download 3-month valid trial version of our more powerful solution, Kaspersky Internet Security. Of course, all Kaspersky Lab solutions detect Simda malware. More information on Simda botnet is available at Securelist.

 

 

Tips