Europol shuts down Ramnit botnet that infected 3.2m PCs


The long-running Ramnit botnet, which is thought to have infected 3.2 million Windows computers, has been shutdown, thanks to the combined efforts of Europol and the vendor community.

The botnet is thought to have been operational since at least 2010, and has previously been implicated in the theft of tens of thousands of Facebook logins and online banking details.

Its malware is reportedly spread by infecting executable files stored on PC hard drives with copies of itself, as its operators sought to build their botnet.

According to a Microsoft blog post about Ramnit, dating back to 2013, with the botnet in place, the people behind it reportedly turned their attention to using it to carry out dastardly deeds during 2012.

These include stealing online banking logins, passwords, cookies and users' personal information.

The botnet has now been brought to its knees with the help of a cross-continent investigative effort involving teams from Germany, Italy, the Netherlands and the UK working with Europol's European Cybercrime Centre (EC3), as well as representatives from Microsoft, Symantec and AnubisNetworks.

In a blog post by Symantec, published earlier today, the anti-virus vendor confirmed their collective work had resulted in a number of servers owned by the cyber criminals behind Ramnit being seized, along with other parts of their computing infrastructure.

The company has also released a tool, accessible here, for anyone concerned their PC may have been infected by Ramnit.

Wil van Gemert, deputy director of operations at Europol, said: "This successful operation shows the importance of international law enforcement working together with private industry in the fight against the global threat of cybercrime.

"We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to conduct a variety of cybercrimes.

"Together with the EU member states and partners around the globe, our aim is to protect people around the world against these criminal activities."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.