Tuesday 14 April 2015

Interpol frees 770,000 systems from Simda botnet

Interpol targets the Simda botnet
Interpol has successfully freed 770,000 machines from the Simda botnet during a joint operation with Microsoft, Kaspersky Lab, Trend Micro and Japan's Cyber Defense Institute.
The operation saw Interpol's Digital Crime Centre (IDCC) coordinate with local law enforcement and the tech firms to mount a series of "simultaneous" server takedowns in the US, Russia, Luxembourg and Poland on 9 and 10 April.
The operation has been hailed as a major success in the ongoing battle against cyber crime.
Simda has been used to target everything from general web users to financial institutions for several years.
The attacks granted hackers remote access to victim systems and let them spread malware and steal vast amounts of data, including personally identifiable information and banking passwords.
Kaspersky Lab security expert Vitaly Kamluk said the campaign was particularly dangerous as it had defence-dodging capabilities.
"This bot is mysterious because it rarely appears on our KSN radars despite compromising a large number of hosts every day," he explained in a blog post.
"It has a number of methods to detect research sandbox environments with a view to tricking researchers by consuming all CPU resources or notifying the botnet owner about the external IP address of the research network.
"Another reason is server-side polymorphism and the limited lifetime of the bots."
The operation began after Microsoft's Digital Crimes Unit spotted and reported a spike in Simda infections.
In January and February Interpol reported that Simda had enslaved 90,000 systems in the US alone.
The IDCC then worked with Microsoft, Kaspersky Lab, Trend Micro and Japan's Cyber Defense Institute to create a "heat map" detailing infection hot zones and the location of the botnet's command and control servers.
Microsoft has since released a Simda clean-up tool that will let users purge their systems of the malware.
IDCC director Sanjay Virmani said the combined operation demonstrated the value of collaboration between the public and private sectors in combating cyber crime.
"This successful operation shows the value and need for partnerships between national and international law enforcement with private industry in the fight against the global threat of cyber crime," said Virmani.
Trend Micro argued that businesses must devise more robust cyber security strategies if they hope to protect themselves from threats like Simda.
"We advise users to be cautious when opening emails. Avoid opening emails and attachments from senders who are unknown or who cannot be verified," explained Trend Micro in a blog post.
"P2P networks aren't inherently malicious but users should be aware that dealing with these sites can increase their chances of encountering malware.
"Users should also invest in a security solution that goes beyond simple malware detection; features such as spam detection and URL blocking can go a long way in protecting users from threats."
The Simda takedown is the latest in a series of anti-botnet operations.
A task force comprising Europol, the Dutch National High Tech Crime Unit and the FBI, with support from Intel, Kaspersky and Shadowserver, reported taking down the Beebone botnet on 9 April.