The SIMDA botnet, which spanned victims in 190 countries around the world, was successfully taken down through collaboration between Trend Micro, INTERPOL, Microsoft, Kaspersky Lab, and the Cyber Defense Institute. Botnets, networks of compromised computers, can generate huge sums of money for the cybercriminals behind them. The global dispersion of these compromised systems also helps the criminals, who can commit crimes in many regions of the world at once, which makes the botnets very difficult for any single law enforcement agency to deal with. This is where successful Public/Private Partnerships (PPPs) are making it harder for cybercriminals to stay out of jail. Trend Micro and Kaspersky both have threat researchers working in the INTERPOL Singapore headquarters to support investigations, which is why both companies were called in to help with this operation. The security industry has many extremely good investigators with access to unique threat intelligence that is not always available to law enforcement unless they request it. Only law enforcement can build a case and arrest the threat actors, so building successful partnerships lets us combat cybercrime much more effectively than in the past, and we are seeing more arrests today as a result.
This is a tenet of Trend Micro’s strategy: we feel the only way to successfully remove a botnet is to ensure the criminals behind it are arrested as well. Otherwise, as we’ve seen in the past, shutting down the Command & Control infrastructure alone tends to suspend the botnet’s activity only momentarily; the actors are typically able to rebuild their botnets within days, and in many cases within hours. Trend Micro was also part of the recent Operation Source, in which Europol and the FBI successfully brought down another large botnet. We will continue to promote and support PPPs to ensure that as many cybercriminals as possible are brought to justice.
Details of the botnet can be found on our Security Intelligence blog. For users who think they may be infected, we have ensured that our solutions detect and clean the malware associated with the botnet. This includes OfficeScan, Worry-Free Business Security, Internet Security, and even our free online scanner, HouseCall. Other best practices for making sure your machine does not become a zombie in a botnet are:
I wrote an article last year that outlines the trends in botnets and provides an infographic with helpful information. Feel free to review that post as well.
Botnets are effective tools in the cybercriminal’s toolkit, and we see them for sale in many of the criminal undergrounds. But as law enforcement continues to partner with private industry to take down botnets and arrest the actors behind them, we will hopefully see less use of this tool as the risk of operating one rises.
Please add your thoughts in the comments below or follow me on Twitter: @jonlclay.