February 25, 2015

Europol, Microsoft and Symantec whack 3.2m user botnet

International criminal enterprise was hosted in Hampshire.

By Jimmy Nicholls

Europol has taken down a malicious network that infected 3.2 million computers across the globe, in a coordinated action with Microsoft and Symantec.

The Ramnit botnet had been used by hackers to hijack machines in order to steal banking details and passwords, as well as disable antivirus systems, having been spread through spam emails and malicious websites.

Steve Pye, senior manager of cyber operations at the NCA, which was involved in the takedown, said: "Through this operation, we are disrupting a cybercrime threat which has left thousands of ordinary computer users in the UK at risk of having their privacy and personal information compromised.

"This malware effectively gives criminals a back door so they can take control of your computer, access your images, passwords or personal data and even use it to circulate further spam messages or launch illegal attacks on other websites."

The UK, which housed a server responsible for spreading the virus in Gosport, Hampshire, is thought to account for 33,000 of the machines infected with Ramnit. However, Symantec reported that more than half of all victims were located in India, Indonesia and Vietnam.

Having started life as a computer worm in 2010, Ramnit later evolved tools to grab cookies, scan drives and make use of an anonymous file transfer protocol in order to make the crimes harder to track.

"Ramnit’s authors have incorporated a number of features that make it difficult to banish from a compromised computer," the company said, writing on the company blog. "During installation, it will place a copy of itself into the computer’s memory as well as writing itself to the hard disk.

"The memory-based copy actively monitors the hard disk and, if it detects that the hard disk-based copy has been removed or quarantined, it will drop another copy back on to the hard disk to keep the infection alive."

The takedown was prompted when Microsoft spotted a surge in infections and reported its findings to Europol.
