National Cyber Awareness System:
04/15/2015 08:51 AM EDT
Original release date: April 15, 2015
The Simda botnet – a network of computers infected with self-propagating malware – has compromised more than 770,000 computers worldwide .
The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations.
Since 2009, cyber criminals have been targeting computers with unpatched software and compromising them with Simda malware . This malware may re-route a user’s Internet traffic to websites under criminal control or can be used to install additional malware.
The malicious actors control the network of compromised systems (botnet) through backdoors, giving them remote access to carry out additional attacks or to “sell” control of the botnet to other criminals . The backdoors also morph their presence every few hours, allowing low anti-virus detection rates and the means for stealthy operation .
A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.
Users are recommended to take the following actions to remediate Simda infections:
Kaspersky Lab : http://www.kaspersky.com/security-scan
Trend Micro: http://housecall.trendmicro.com/
Cyber Defense Institute: http://www.cyberdefense.jp/simda/
The above are examples only and do not constitute an exhaustive list. The U.S. government does not endorse or support any particular product or vendor.