View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Interpol, Microsoft & Kaspersky take down 770,000 strong malicious network

Simda variant was used to steal personal details such as banking info.

By Jimmy Nicholls

Interpol and a group of security vendors have knocked out a malicious network that had infected more than 770,000 computers across the world.

Police forces around the world co-ordinated to seize command and control (C&C) servers responsible for directing a variant of the Simda malware, with ten taken in the Netherlands and others grabbed in the US, Russia, Luxembourg and Poland.

Sanjay Virmani, director of the Interpol Digital Crime Centre, said: "This successful operation shows the value and need for partnerships between national and international law enforcement with private industry in the fight against the global threat of cybercrime.

"This operation has dealt a significant blow to the Simda botnet and Interpol will continue in its work to assist member countries protect their citizens from cybercriminals and to identify other emerging threats."

The Simda variant was used to steal personal details such as banking passwords, and could also be used to infect victims’ machines with further malware.

The virus, which first appeared in this form in 2012, had spread to almost every country in the world, with the worst hit including the UK, US, and much of Western and Central Europe.

"Our collective efforts, and cooperation in this investigation have made a positive impact in combating this constant, evolving threat," said Joseph Demarest, assistant director at the FBI Cyber Division.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"We will continue working alongside our international partners and international law enforcement to aggressively pursue cyber criminals around the world."

Microsoft, which worked alongside Trend Micro and Kaspersky Lab to take down the malicious network, reported that it had detected 128,000 new cases of the Simda variant each month for the past six months.

"With Simda.AT, the most common infection vector we identified was compromised websites using embedded or injected JavaScript," said security researchers at the firm in a blog post.

"Compromised sites were used to redirect users’ traffic to another website, named the ‘gate’."

The hackers behind Simda were also found to have programmed a number of evasive techniques into the malware, which could lie dormant if it detected it was being run in a security research environment for the purpose of analysis.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.