News

Dangerous Simda Malware Stopped by INTERPOL, But it Could Return

2015-05-05

A far-reaching, dangerous botnet named “Simda” was recently dealt a powerful blow thanks to the joint efforts of INTERPOL, the Dutch National High Tech Crime Unit (DNHTCU), the FBI, Microsoft, and several other organizations, as reported by TechTarget . The botnet made use of various hidden backdoors to control people’s computers for sinister aims such as the theft of online banking information, the distribution of malware for bitcoin mining, and the hijacking of web browsers. Statistics from INTERPOL show that Simda infected over 770,000 computers throughout the world during its lifespan; and although it has been temporarily knocked offline, it could easily return for another bout of mischief and mayhem.


Aside from exploiting a variety of high-risk vulnerabilities (via JavaScript, Adobe Flash, and Microsoft Office, to name just a few popular vehicles), cybercriminals also use malware distribution, spam and other techniques to infect people’s computers. In the case of the most recent Simda variant, a sneaky redirect technique was employed. The Simda botnet was able to modify individual users’ system files to hijack connect.facebook.net or google-analytics.com, and direct those users to servers specified by the cybercriminals. Therefore, even though Simda has been wiped offline for the time being, the host files may still exist on previously-infected systems. This means that the late Simda may yet rise from the ashes.

 

Even though the Simda botnet has been temporarily defeated after a worldwide battle, it’s not unlikely that teams of cybercriminals will work quickly to develop new, devious botnets and continue their assault on people’s computers. 


How to Check for Simda, Remove it, and Prevent it in the Future:


Baidu Antivirus users can use the built-in System Repair tool in the Toolkit to check if their machine is infected with the Simda virus. If the virus is found, Baidu Antivirus can safely and easily remove it. Users can also enable Baidu Antivirus’s real-time protection feature to intercept Simda if it attempts to infect their computers.


Figure 1. Baidu Antivirus detects the Simda botnet

Finally, the Baidu Antivirus Security Center would like to give its users three important suggestions to avoid infection from Simda and other dangerous threats:

1.Never click on suspicious or unknown links in emails or on social networks;

2.Never download software from unfamiliar websites, and if you must, be sure to scan the executable file prior to opening it;

3.Always ensure that your security and/or antivirus software is up-to-date, and regularly scan your PC for viruses. 

 

Sources: TechTarget , US-CERT

Download Baidu Antivirus – the best free antivirus – here: Download