{"id":8304,"date":"2015-04-13T10:00:10","date_gmt":"2015-04-13T14:00:10","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=8304"},"modified":"2020-02-26T11:01:17","modified_gmt":"2020-02-26T16:01:17","slug":"simda-botnet-check","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/simda-botnet-check\/8304\/","title":{"rendered":"Is your PC a part of a botnet? Check it!"},"content":{"rendered":"<p><a href=\"https:\/\/checkip.kaspersky.com\/?utm_source=KD&amp;utm_medium=text&amp;utm_campaign=kd-com\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/04\/06040919\/checkip_EN.png\" alt=\"Check your IP\" width=\"222\" height=\"52\" class=\"aligncenter size-full wp-image-8361\"><\/a><\/p>\n<p>Many people still think that malware is software that completely disrupts the normal functioning of PCs. If your computer is working well, it means it\u2019s not infected, right? Wrong. Malware creators are not your bored cyber-cowboys anymore. The main goal of cybercriminals is not to make a cyber-disaster just for kicks, but to earn money. In many cases this goal dictates the complete opposite behavior of malware: the best malware is the least visible to users.<\/p>\n<p>For instance, such \u2018stealth\u2019 behavior is often typical for <a href=\"https:\/\/www.kaspersky.com\/blog\/botnet\/\" target=\"_blank\" rel=\"noopener nofollow\">botnets<\/a>. Usually they consist of thousands of PCs, and if we\u2019re talking about the biggest\u00a0ones, it\u2019s hundreds of thousands of PCs. Owners of these computers don\u2019t have any idea\u00a0that they are infected. All they can see is that their PC works a bit slower, which is not unusual for PCs in general.<\/p>\n<p>Botnets are designed to gather personal data including passwords, social security numbers, credit card details, addresses and telephone numbers. 
This data may be used in crimes including identity theft, various types of fraud, spamming, and other malware distribution. Botnets can also be used to launch attacks on websites and networks.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Kaspersky along with Intel and ShadowServer help to bring down the Beebone botnet \u2013 <a href=\"http:\/\/t.co\/xCOKx49m7B\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/xCOKx49m7B<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/586293791436447744?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 9, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>It always takes a lot of effort by\u00a0many cooperating parties to shut down a\u00a0large botnet. A recent example is the Simda botnet, which is believed to have infected more than 770,000 computers in more than 190 countries. The most affected countries are the US, UK, Turkey, Canada and Russia.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/04\/06041025\/botnet-simda-countries.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-8314\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/04\/06041025\/botnet-simda-countries.png\" alt=\"Distribution of victims of Simda botnet by country\" width=\"654\" height=\"399\"><\/a><\/p>\n<p>Simda is a \u2018vending botnet\u2019 used to distribute illicit software and different types of malware, including those capable of stealing financial credentials. Creators of the specific malicious programs were simply paying the Simda owners a fee per each install. In other words, this botnet was a kind of huge trade chain for malware \u2018manufacturers\u2019.<\/p>\n<p>The botnet was active for years. 
To make the malware more effective, Simda owners were working hard on new versions, generating and distributing them as frequently as every few hours. At the moment, Kaspersky Lab\u2019s virus collection contains more than 260,000 executable files belonging to different versions of the Simda malware.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Is your PC a part of the huge #Simda #botnet? Check it!<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F37a5&amp;text=Is+your+PC+a+part+of+the+huge+%23Simda+%23botnet%3F+Check+it%21\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>A simultaneous take-down of 14 command and control servers of the Simda botnet located in the Netherlands, US, Luxembourg, Russia and Poland was carried out on Thursday, April 9th.<\/p>\n<p>The list of organizations involved in this shutdown operation perfectly illustrates its complexity. INTERPOL, Microsoft, Kaspersky Lab, Trend Micro, Cyber Defense Institute, FBI, Dutch National High-Tech Crime Unit (NHTCU), Police Grand-Ducale Section Nouvelles Technologies in Luxembourg, and Russian Ministry of the Interior\u2019s Department \u2018K\u2019 were working together to counteract the cybercriminals.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">@INTERPOL_GCI coordinated <a href=\"https:\/\/twitter.com\/hashtag\/Simda?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Simda<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/botnet?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#botnet<\/a> operation with private sector <a href=\"https:\/\/twitter.com\/Microsoft?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Microsoft<\/a> <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kaspersky<\/a> <a 
href=\"https:\/\/twitter.com\/TrendMicro?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@TrendMicro<\/a> and Cyber Defense Institute<\/p>\n<p>\u2014 INTERPOL (@INTERPOL_HQ) <a href=\"https:\/\/twitter.com\/INTERPOL_HQ\/status\/587470291108024320?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 13, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u201cBotnets are geographically distributed networks and it is usually a challenging task to take down such a thing. That\u2019s why the collaborative effort of both private and public sectors is crucial here \u2013 every party makes its own important contribution to the joint project,\u201d said Vitaly Kamluk, Principal Security Researcher at Kaspersky Lab, and currently working closely with\u00a0INTERPOL. \u201cIn this case, Kaspersky Lab\u2019s role was to provide technical analysis of the bot, collect botnet telemetry from the Kaspersky Security Network and advise on takedown strategies.\u201d<\/p>\n<p>As the investigation is still ongoing, it is too early to tell who is behind the Simda botnet. What is important for users is that as a result of the disruption operation, command and control servers used by criminals to communicate with infected machines have been shut down. 
Although the Simda botnet operation is suspended, people whose PCs were infected should get rid of this malware as soon as possible.<\/p>\n<p>Using information retrieved from the Simda botnet\u2019s command and control servers, Kaspersky Lab has created <a href=\"https:\/\/checkip.kaspersky.com\/?utm_source=KD&amp;utm_medium=text&amp;utm_campaign=kd-com\" target=\"_blank\" rel=\"noopener nofollow\">a special page where you can check<\/a> whether\u00a0your computer\u2019s IP address is in the list of infected ones.<\/p>\n<div id=\"attachment_8309\" style=\"width: 1290px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/checkip.kaspersky.com\/?utm_source=KD&amp;utm_medium=text&amp;utm_campaign=kd-com\"><img decoding=\"async\" aria-describedby=\"caption-attachment-8309\" class=\"wp-image-8309 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/04\/06041028\/simda-check.jpg\" alt=\"Is your PC a part of Simda botnet? Check it!\" width=\"1280\" height=\"650\"><\/a><p id=\"caption-attachment-8309\" class=\"wp-caption-text\"><a href=\"https:\/\/checkip.kaspersky.com\/?utm_source=KD&amp;utm_medium=text&amp;utm_campaign=kd-com\" target=\"_blank\" rel=\"noopener nofollow\">Click here to check your computer<\/a><\/p><\/div>\n<p>Another option to make sure everything\u2019s alright with your PC is to use the free <a href=\"https:\/\/www.kaspersky.com\/security-scan\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security Scan<\/a> tool or download a 3-month trial version of our more powerful solution, <a href=\"https:\/\/www.kaspersky.com\/advert\/free-trials\/multi-device-security?redef=1&amp;THRU&amp;reseller=blog_en-global\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Internet Security<\/a>. Of course, all Kaspersky Lab solutions detect the Simda malware. 
More information on the Simda botnet is available <a href=\"https:\/\/securelist.com\/blog\/69580\/simdas-hide-and-seek-grown-up-games\/\" target=\"_blank\" rel=\"noopener\">at Securelist<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently Interpol, Microsoft and Kaspersky Lab revealed the shutdown of a huge botnet which zombified about 770,000 PCs worldwide. Check this story out and then check your PC<\/p>\n","protected":false},"author":421,"featured_media":8311,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683],"tags":[392,1060,605,347,569,36,97,1059],"class_list":{"0":"post-8304","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-botnet","10":"tag-check","11":"tag-great","12":"tag-interpol","13":"tag-ksn","14":"tag-malware-2","15":"tag-security-2","16":"tag-simda"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/simda-botnet-check\/8304\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/simda-botnet-check\/4751\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/simda-botnet-check\/3321\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/simda-botnet-check\/5634\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/simda-botnet-check\/5781\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/simda-botnet-check\/7489\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/simda-botnet-check\/7327\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/simda-botnet-check\/7489\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/simda-botnet-check\/8304\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/simda-botnet-check\/8304\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/bo
tnet\/","name":"botnet"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/8304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=8304"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/8304\/revisions"}],"predecessor-version":[{"id":33502,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/8304\/revisions\/33502"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/8311"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=8304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=8304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=8304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}