Active for several years, Simda had been increasingly refined, with new, more difficult-to-detect versions being generated and distributed every few hours. It has been used for crimes against citizens, financial institutions and the Internet itself, catching and redirecting traffic.
Microsoft’s Digital Crimes Unit provided forensic intelligence to INTERPOL and other partners after its big data analysis found a sharp increase in Simda infections around the world. The INTERPOL Digital Crime Centre (IDCC) at the IGCI worked with Microsoft, Kaspersky Lab, Trend Micro and Japan’s Cyber Defense Institute to perform additional analysis of the Simda botnet, resulting in a ‘heat map’ showing the location of the command and control servers.
The majority of computer owners will be unaware that their machine has been infected and are advised to check their machines and run broad-spectrum antivirus software. Microsoft has released a remedy to clean and restore an infected computer’s defenses, which has also been provided to computer emergency response teams and Internet service providers for their customers to clean infected computers and keep people safe online.
“This successful operation shows the value and need for partnerships between national and international law enforcement with private industry in the fight against the global threat of cybercrime,” said Sanjay Virmani, Director of the IDCC. “This operation has dealt a significant blow to the Simda botnet and INTERPOL will continue in its work to assist member countries protect their citizens from cybercriminals and to identify other emerging threats.”
Microsoft has developed a free cleaning agent for Simda. Computer owners who suspect a Simda infection can run a scan using Microsoft Safety Scanner, Microsoft Security Essentials or Windows Defender.
Kaspersky Lab has set up a self-check webpage where the public can see if their IP address has been found to be part of a Simda botnet: https://checkip.kaspersky.com
Free virus scans are available from:
Kaspersky Lab: http://www.kaspersky.com/security-scan
Trend Micro: http://housecall.trendmicro.com/
Cyber Defense Institute: http://www.cyberdefense.jp/simda/
Computer users should clean their machines regularly, especially after having found their computer infected with Simda, as other installed malware might still be present even after its removal.