Command and control servers in the Netherlands, United States, Russia, Luxembourg and Poland were seized by the authorities, preventing the criminals from exploiting the botnet to install further malware and other unwanted software.
It was not uncommon to see computers hijacked by the Simda botnet being used to generate income for online criminals by installing click fraud malware and cryptocurrency miners.
I was interested to see that Kaspersky had produced a simple online check which will test to see if your computer’s IP address is in the database of infected addresses uncovered by security experts.
Of course, if your PC’s IP address has changed since it became infected then the test isn’t going to be effective.
As Kaspersky researchers point out in a blog post, it’s important to realise that the PCs hit by Simda were initially infected via an attack which exploited unpatched vulnerabilities on the victim’s PC.
Keeping your operating system and third-party software such as Flash, Adobe Reader, Silverlight and Java updated with the latest security fixes is an essential part of protecting your computer from attack and should be done alongside running up-to-date anti-virus software.
INTERPOL, the Cyber Defense Institute, the FBI, the Dutch National High-Tech Crime Unit (NHTCU), Kaspersky Lab, Microsoft and Trend Micro worked on the Simda botnet takedown.