In what sounds like a scene out of one of those (well-meaning, but never remotely accurate) cyber-action movies, teams of technicians from Symantec’s Digital Crimes unit, wielding a court order from the U.S. District Court in Alexandria, Virginia, were escorted by U.S. Federal Marshals in raids on data centers in New Jersey and Virginia yesterday.
Yes, that happened. According to Reuters, the purpose of the raids was to shut down the Bamital botnet by yanking offline servers that had been used to control between 300,000 and 1 million infected PCs as part of a massive click fraud campaign perpetrated by at least 18 individuals scattered across the globe, including in Russia, Romania, Britain, the U.S., and Australia. A spokesperson from Microsoft stated that the group believes that it successfully took down all of the offending servers while admitting that time would tell if that was indeed the case.
Microsoft's Richard Boscovich and Craig Schmidt and a cyberforensics expert at the New Jersey raid
The team will look over the seized servers to glean as much information as possible about how the click fraud scheme worked and hopefully track and catch the perpetrators.
The next time users of infected computers log on to the Internet, they will receive a message stating:
"You have reached this website because your computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer."
Microsoft and Symantec are providing free tools for victims to clean off their computers and regain Web access.