Kaspersky snares Simda botnet with international help

Simda botnet

Kaspersky and a group of IT companies including Microsoft and Trend Micro have worked together with law enforcement to dismantle a large part of the Simda botnet's command and control infrastructure.

The operation, coordinated by INTERPOL's Global Complex for Innovation in Singapore, saw law enforcement agencies seize 10 command and control servers in the Netherlands and take down further servers in the US, Russia, Luxembourg and Poland.

Law enforcement agencies including the Dutch National High Tech Crime Unit, Police Grand-Ducale Section Nouvelles Technologies in Luxembourg, the FBI and Russian Ministry of the Interior's Cybercrime Department "K" took part in the operation on April 9.

Simda is pay-per-install malware: once it has a foothold on a PC it downloads and installs whatever other software its operators are paid to deliver, including malware that steals financial information. Its distributors make money by selling access to infected PCs to other criminals, who then push their own programs onto those machines.

Attackers distribute the malware by breaking into legitimate websites or web servers and inserting malicious code into the pages they serve. Visitors to those pages are then served the injected content, which attempts to infect their PC; once the machine is infected, information can be stolen from it.
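The compromise described above leaves a visible trace on the legitimate site: an injected `<script>` or `<iframe>` that the site's own template never contained. The following scanner is an added example written for this page, not code from Kaspersky or from the takedown operation; it applies generic heuristics (hidden iframes, and scripts or frames loaded from hosts outside a per-site allowlist) rather than any Simda-specific indicator, which the article does not provide. The sample page and the hosts in it (`www.example.com`, `cdn.example.com`, and the RFC 5737 documentation addresses) are constructed for the demo.

```python
"""Flag injected-looking content in a page served by a possibly compromised site.

Added example, not from the article. The heuristics are generic (hidden
iframes, off-site scripts/frames not on a per-site allowlist); they are not
Simda signatures. Run against saved HTML, or wire the fetch in yourself.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class InjectedContentScanner(HTMLParser):
    """Collect (reason, url) findings for suspicious <script> and <iframe> tags."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.site_host = site_host.lower()
        # Hosts the site legitimately loads resources from (site itself + CDNs).
        self.allowed = {h.lower() for h in allowed_hosts} | {self.site_host}
        self.findings = []

    def _host(self, url):
        # Relative URLs (no host) resolve to the site itself. A bare "host/path"
        # without a scheme or leading "//" also parses as relative, by design.
        return (urlparse(url).hostname or self.site_host).lower()

    @staticmethod
    def _looks_hidden(attrs):
        # Drive-by injections commonly use display:none or zero-size frames so
        # the visitor never sees the loaded page.
        style = (attrs.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            return True
        for dim in ("width", "height"):
            value = attrs.get(dim)
            if value is not None and re.fullmatch(r"0+(px)?", value.strip().lower()):
                return True
        return False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # attribute values may be None for bare attributes
        if tag == "iframe":
            src = attrs.get("src") or ""
            if self._looks_hidden(attrs) or self._host(src) not in self.allowed:
                self.findings.append(("hidden_or_offsite_iframe", src))
        elif tag == "script":
            src = attrs.get("src")
            if src and self._host(src) not in self.allowed:
                self.findings.append(("offsite_script", src))


def scan_html(html, site_host, allowed_hosts=()):
    """Return a list of (reason, url) findings for one page."""
    scanner = InjectedContentScanner(site_host, allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a clean page with two injected elements appended to the
# body, the pattern the article describes. IPs are RFC 5737 documentation space.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/jquery.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="http://198.51.100.7/in.php" width="0" height="0" style="display:none"></iframe>
<script src="http://203.0.113.9/counter.js"></script>
</body></html>"""


if __name__ == "__main__":
    for reason, url in scan_html(SAMPLE_PAGE, "www.example.com", ["cdn.example.com"]):
        print(f"{reason}: {url}")
```

The allowlist is the important part: a site that legitimately loads a CDN script will otherwise drown in false positives, so build it from a known-good copy of the template and treat any new external host as something to explain, not something to ignore.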

Around 770,000 machines in 190 countries have been infected, with the largest share in the US. Kaspersky added that the UK, Canada, Russia and Turkey were also hit hard.

Is my PC infected?

Simda has been active for years, and its authors have repeatedly reworked it to exploit whatever vulnerabilities it finds on a targeted machine. New versions have therefore appeared continually, and Kaspersky Lab's virus collection now holds over 260,000 executable files belonging to different versions of Simda.

Even though the operation has taken down a significant part of the Simda botnet, infected machines are still out there, so Kaspersky has provided a CheckIP site that tells you whether your public IP address appears among those seen contacting the botnet's infrastructure. If your address does show up, Kaspersky points out that the infected host could be another machine sharing the same public address on your network, but in either case you should make sure your anti-malware software is up to date and scan the machines behind that address.