A major botnet was shut down last week: in an operation coordinated by INTERPOL, with the FBI among the participating agencies, 14 Simda command-and-control (C&C) servers were seized. Microsoft, Kaspersky Lab, Trend Micro, and other security vendors took part in the takedown.

Microsoft MMPC - Simda blog post

On 9 April 2015, Kaspersky Lab was involved in the synchronized Simda botnet takedown operation coordinated by the INTERPOL Global Complex for Innovation. In this case the investigation was initially started by Microsoft and expanded to involve a larger circle of participants, including Trend Micro, the Cyber Defense Institute, officers from the Dutch National High Tech Crime Unit (NHTCU), the FBI, the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg, and the Russian Ministry of the Interior's Cybercrime Department "K", supported by the INTERPOL National Central Bureau in Moscow.

As a result of this takedown, 14 C&C servers were seized in the Netherlands, the USA, Luxembourg, Poland and Russia. Preliminary analysis of some of the sinkholed server logs revealed victims in 190 countries. Microsoft said it had measured about 128,000 new Simda.AT infections per month over the preceding six months, with a sharp increase in recent weeks, including 90,000 new infections in the US alone in the first two months of 2015. According to INTERPOL, the most affected countries were the US, the UK, Turkey, Canada and Russia.

Kaspersky IP check - see whether your IP address was registered as part of the botnet. Note that the check matches your current public IP address against the sinkhole logs, so behind a shared or dynamically assigned address a match means that address was seen, not necessarily that your own PC is infected, and a clean result does not rule out infection; run a full antivirus scan in either case.