{"id":4751,"date":"2015-04-13T02:21:48","date_gmt":"2015-04-13T06:21:48","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=4751"},"modified":"2020-02-26T18:59:42","modified_gmt":"2020-02-26T14:59:42","slug":"simda-botnet-check","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/simda-botnet-check\/4751\/","title":{"rendered":"Is your PC part of a botnet? Check it!"},"content":{"rendered":"<p><a href=\"https:\/\/checkip.kaspersky.com\/?utm_source=KD&amp;utm_medium=text&amp;utm_campaign=kd-com\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4756\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/04\/05103946\/checkip_EN.png\" alt=\"checkip_EN\" width=\"222\" height=\"52\"><\/a><\/p>\n<p><span id=\"ext-gen508\" class=\"tx\">Many people still think that malware is software that completely disrupts the normal functioning of\u00a0<\/span><span id=\"ext-gen507\" class=\"tx\">PCs. If your computer is working tip-top, it means it<\/span><span class=\"tx f117\">\u2019<\/span><span id=\"ext-gen509\" class=\"tx\">s not infected, right? Wrong. Malware creators\u00a0<\/span><span id=\"ext-gen555\" class=\"tx\">are no longer bored cyber-cowboys. The main goal of cybercriminals is not to make a\u00a0<\/span><span id=\"ext-gen556\" class=\"tx\">cyber-badaboom just for kicks, but to earn money. In many cases this goal dictates the completely\u00a0<\/span><span id=\"ext-gen557\" class=\"tx\">opposite behaviour in malware: the best malware is the least visible to users.\u00a0<\/span><\/p>\n<p><span id=\"ext-gen564\" class=\"tx\">For instance, such\u00a0<\/span><span class=\"tx f117\">\u2018<\/span><span class=\"tx\">stealth<\/span><span class=\"tx f117\">\u2019<\/span><span class=\"tx\">\u00a0behaviour is often typical for\u00a0<\/span><span class=\"tx\">botnets<\/span><span class=\"tx\">. 
Usually they consist of thousands\u00a0<\/span><span id=\"ext-gen565\" class=\"tx\">of PCs, and if we<\/span><span class=\"tx f117\">\u2019<\/span><span id=\"ext-gen563\" class=\"tx\">re talking about the largest ones, it<\/span><span class=\"tx f117\">\u2019<\/span><span id=\"ext-gen515\" class=\"tx\">s hundreds of thousands of PCs. Owners of these\u00a0<\/span><span id=\"ext-gen566\" class=\"tx\">computers don<\/span><span class=\"tx f117\">\u2019<\/span><span id=\"ext-gen514\" class=\"tx\">t have a clue that they are infected. All they can see is that the PC works a bit\u00a0<\/span><span id=\"ext-gen513\" class=\"tx\">slower, which is not unusual for PCs in general.\u00a0<\/span><span id=\"ext-gen512\" class=\"tx\"><\/span><br>\n<span id=\"ext-gen511\" class=\"tx f21\">Botnets are designed to gather personal data including passwords, social security numbers, credit\u00a0<\/span><span id=\"ext-gen510\" class=\"tx f21\">card details, addresses and telephone numbers. This data may be used in crimes including identity\u00a0<\/span><span id=\"ext-gen567\" class=\"tx f21\">theft, various types of fraud, spamming, and other malware distribution. 
Botnets can also be used\u00a0<\/span><span id=\"ext-gen568\" class=\"tx f21\">to launch attacks on websites and networks.<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Kaspersky along with Intel and ShadowServer help to bring down the Beebone botnet \u2013 <a href=\"http:\/\/t.co\/xCOKx49m7B\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/xCOKx49m7B<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/586293791436447744?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 9, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><span id=\"ext-gen574\" class=\"tx\">It always takes a lot of effort from many cooperating parties to shut down a large botnet. A recent\u00a0<\/span><span id=\"ext-gen576\" class=\"tx\">example is the Simda botnet, which is believed to have infected more than 770,000 computers in more\u00a0<\/span><span id=\"ext-gen577\" class=\"tx\">than 190 countries. The most affected countries are the US, UK, Turkey, Canada and Russia.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4753\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/04\/05103948\/botnet-simda-countries.png\" alt=\"botnet-simda-countries\" width=\"654\" height=\"399\"><\/p>\n<p><span id=\"ext-gen588\" class=\"tx\">Simda is, as one can say, a\u00a0<\/span><span class=\"tx f117\">\u2018<\/span><span class=\"tx\">vending botnet<\/span><span class=\"tx f117\">\u2019<\/span><span class=\"tx\">\u00a0used to distribute illicit software and different types of\u00a0<\/span><span id=\"ext-gen587\" class=\"tx\">malware, including those capable of stealing financial credentials. 
Creators of specific\u00a0<\/span><span id=\"ext-gen586\" class=\"tx\">malicious programs were simply paying the Simda owners a fee per install. In other words, this\u00a0<\/span><span id=\"ext-gen585\" class=\"tx\">botnet was a kind of huge trade chain for malware\u00a0<\/span><span class=\"tx f117\">\u2018<\/span><span class=\"tx\">manufacturers<\/span><span class=\"tx f117\">\u2019<\/span><span class=\"tx\">.\u00a0<\/span><span id=\"ext-gen584\" class=\"tx\"><\/span><span id=\"ext-gen590\" class=\"tx\">The botnet was active for years. To make the malware more effective, the Simda owners were working\u00a0<\/span><span id=\"ext-gen591\" class=\"tx\">hard on new versions, generating and distributing them as frequently as every few hours. At the\u00a0<\/span><span class=\"tx\">moment, Kaspersky Lab<\/span><span class=\"tx f117\">\u2019<\/span><span id=\"ext-gen592\" class=\"tx\">s virus collection contains more than 260,000 executable files belonging\u00a0<\/span><span id=\"ext-gen593\" class=\"tx\">to different versions of Simda malware.<\/span><\/p>\n<blockquote class=\"twitter-pullquote\"><p>Is your PC a part of the huge #Simda #botnet? 
Check it!<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FT24d&amp;text=Is+your+PC+a+part+of+the+huge+%23Simda+%23botnet%3F+Check+it%21\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p><span id=\"ext-gen603\" class=\"tx\">A simultaneous take-down of 14 command and control servers of the Simda botnet located in the\u00a0<\/span><span id=\"ext-gen604\" class=\"tx\">Netherlands, US, Luxembourg, Russia and Poland was carried out on Thursday 9 April.<\/span><\/p>\n<p><span id=\"ext-gen627\" class=\"tx\">The list of organisations involved in this shutdown operation perfectly illustrates its complexity.\u00a0<\/span><span id=\"ext-gen619\" class=\"tx\">INTERPOL, Microsoft, Kaspersky Lab, Trend Micro, Cyber Defense Institute, FBI, Dutch National\u00a0<\/span><span id=\"ext-gen629\" class=\"tx\">High-Tech Crime Unit (NHTCU),\u00a0<\/span><span class=\"tx\">Police Grand-Ducale Section Nouvelles Technologies in\u00a0<\/span><span id=\"ext-gen618\" class=\"tx\">Luxembourg, and the Russian Ministry of the Interior<\/span><span class=\"tx f124\">\u2019<\/span><span class=\"tx\">s Department\u00a0<\/span><span class=\"tx f124\">\u2018<\/span><span class=\"tx\">K<\/span><span class=\"tx f124\">\u2019<\/span><span class=\"tx f9\">\u00a0<\/span><span class=\"tx\">were working together to\u00a0<\/span><span id=\"ext-gen617\" class=\"tx\">counteract the cybercriminals.<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">@INTERPOL_GCI coordinated <a href=\"https:\/\/twitter.com\/hashtag\/Simda?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Simda<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/botnet?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#botnet<\/a> operation with private sector <a href=\"https:\/\/twitter.com\/Microsoft?ref_src=twsrc%5Etfw\" 
target=\"_blank\" rel=\"noopener nofollow\">@Microsoft<\/a> <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kaspersky<\/a> <a href=\"https:\/\/twitter.com\/TrendMicro?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@TrendMicro<\/a> and Cyber Defense Institute<\/p>\n<p>\u2014 INTERPOL (@INTERPOL_HQ) <a href=\"https:\/\/twitter.com\/INTERPOL_HQ\/status\/587470291108024320?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 13, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><span id=\"ext-gen634\" class=\"tx f124\">\u201c<\/span><span id=\"ext-gen613\" class=\"tx\">Botnets are geographically distributed networks and it is usually a challenging task to take down\u00a0<\/span><span id=\"ext-gen633\" class=\"tx\">such a thing. That<\/span><span class=\"tx f124\">\u2019<\/span><span id=\"ext-gen612\" class=\"tx\">s why the collaborative effort of both private and public sectors is crucial here\u00a0<\/span><span class=\"tx f124\">\u2013<\/span><br>\n<span id=\"ext-gen611\" class=\"tx\">every party makes its own important contribution to the joint project,<\/span><span class=\"tx f124\">\u201d<\/span><span class=\"tx f9\">\u00a0<\/span><span class=\"tx\">said Vitaly Kamluk, Principal\u00a0<\/span><span id=\"ext-gen610\" class=\"tx\">Security Researcher at Kaspersky Lab, and currently on secondment to INTERPOL.\u00a0<\/span><span class=\"tx f124\">\u201c<\/span><span class=\"tx\">In this case,\u00a0<\/span><span id=\"ext-gen635\" class=\"tx\">Kaspersky Lab<\/span><span class=\"tx f124\">\u2019<\/span><span id=\"ext-gen609\" class=\"tx\">s role was to provide technical analysis of the bot, collect botnet telemetry from the\u00a0<\/span><span id=\"ext-gen608\" class=\"tx\">Kaspersky Security Network and advise on takedown strategies.<\/span><span class=\"tx f124\">\u201d<\/span><span 
id=\"ext-gen636\" class=\"tx\"><\/span><span class=\"tx\">As the i<\/span><span id=\"ext-gen637\" class=\"tx\">nvestigation is still ongoing, it is too early to tell who is behind the Simda botnet. What is\u00a0<\/span><span id=\"ext-gen638\" class=\"tx\">important for us users is that as a result of the disruption operation, the command and control servers\u00a0<\/span><span id=\"ext-gen639\" class=\"tx\">used by criminals to communicate with infected machines have been shut down. Although the\u00a0<\/span><span id=\"ext-gen640\" class=\"tx\">Simda botnet operation is suspended, people whose PCs were infected should get rid of this\u00a0<\/span><span id=\"ext-gen641\" class=\"tx\">malware as soon as possible.\u00a0<\/span><span id=\"ext-gen642\" class=\"tx\"><\/span><span id=\"ext-gen643\" class=\"tx\">Using information retrieved from the Simda botnet command and control servers, Kaspersky Lab has\u00a0<\/span><span class=\"tx\">created\u00a0<\/span><span class=\"tx\">a <a href=\"https:\/\/checkip.kaspersky.com\/?utm_source=KD&amp;utm_medium=text&amp;utm_campaign=kd-com\" target=\"_blank\" rel=\"noopener nofollow\">special page where you can check<\/a><\/span><span class=\"tx\"> if your computer<\/span><span class=\"tx f124\">\u2019<\/span><span class=\"tx\">s IP address is in the list of infected\u00a0<\/span><span class=\"tx\">ones.\u00a0<\/span><\/p>\n<div id=\"attachment_4754\" style=\"width: 1290px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/checkip.kaspersky.com\/?utm_source=KD&amp;utm_medium=text&amp;utm_campaign=kd-com\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4754\" class=\"size-full wp-image-4754\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/04\/05103947\/simda-check.jpg\" alt=\"Click here to check your computer\" width=\"1280\" 
height=\"650\"><\/a><p id=\"caption-attachment-4754\" class=\"wp-caption-text\">Click here to check your computer<\/p><\/div>\n<p><span id=\"ext-gen648\" class=\"tx\">Another option to make sure everything<\/span><span class=\"tx f124\">\u2019<\/span><span class=\"tx\">s alright with your PC is to use the free<\/span><span class=\"tx\">\u00a0<\/span><a href=\"https:\/\/www.kaspersky.com\/security-scan\" target=\"_blank\" rel=\"noopener nofollow\"><span class=\"tx\">Kaspersky\u00a0<\/span><span class=\"tx\">Security Scan<\/span><\/a><span id=\"ext-gen647\" class=\"tx\"><a href=\"https:\/\/www.kaspersky.com\/security-scan\" target=\"_blank\" rel=\"noopener nofollow\">\u00a0tool<\/a> or download a 3-month trial version of our more powerful solution,\u00a0<\/span><a href=\"https:\/\/kas.pr\/zwa5\" target=\"_blank\" rel=\"noopener\"><span id=\"ext-gen645\" class=\"tx\">Kaspersky Internet Security<\/span><\/a><span id=\"ext-gen517\" class=\"tx\">. Of course, all Kaspersky Lab solutions detect Simda malware. More\u00a0<\/span><span id=\"ext-gen644\" class=\"tx\">information on the Simda botnet is available at\u00a0<\/span><a href=\"https:\/\/securelist.com\/blog\/69580\/simdas-hide-and-seek-grown-up-games\/\" target=\"_blank\" rel=\"noopener\"><span class=\"tx\">Securelist<\/span><\/a><span class=\"tx\">.<\/span><\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many people still think that malware is software that completely disrupts the normal functioning of\u00a0PCs. If your computer is working tip-top, it means it\u2019s not infected, right? Wrong. 
Malware creators\u00a0are<\/p>\n","protected":false},"author":421,"featured_media":4752,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,1486],"tags":[392,575,347,973,36,97,972],"class_list":{"0":"post-4751","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-botnet","10":"tag-great","11":"tag-interpol","12":"tag-ksn","13":"tag-malware-2","14":"tag-security-2","15":"tag-simda"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/simda-botnet-check\/4751\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/simda-botnet-check\/3321\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/simda-botnet-check\/5634\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/simda-botnet-check\/5781\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/simda-botnet-check\/7489\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/simda-botnet-check\/8304\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/simda-botnet-check\/7327\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/simda-botnet-check\/7489\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/simda-botnet-check\/8304\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/simda-botnet-check\/8304\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/botnet\/","name":"botnet"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users
\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4751"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4751\/revisions"}],"predecessor-version":[{"id":15996,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4751\/revisions\/15996"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4752"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}