{
	"id": "9a5e9150-bd48-4561-a612-0f2f8d0e261a",
	"created_at": "2026-04-10T03:21:33.606582Z",
	"updated_at": "2026-04-10T03:22:17.979264Z",
	"deleted_at": null,
	"sha1_hash": "f28f4dc6507ed9495cd3feede87631a82f20fa9f",
	"title": "Bamital Botnet Takedown Is Successful; Cleanup Underway",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52405,
	"plain_text": "Bamital Botnet Takedown Is Successful; Cleanup Underway\r\nPublished: 2013-02-22 · Archived: 2026-04-10 02:36:06 UTC\r\nFeb 22, 2013\r\nThe following is a post by Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes\r\nUnit.\r\nTwo weeks after Microsoft and Symantec’s collaborative takedown of the Bamital botnet, I’m pleased to report\r\nthat the Bamital botnet remains offline. Additionally, since Microsoft was able to receive all of the computer\r\ntraffic that had been connecting to the Bamital botnet, we are also seeing very positive cleanup results firsthand.\r\nFor instance, our preliminary data shows that as of February 18th, approximately 32 percent of the infected\r\ncomputers we had observed since the February 6th takedown are no longer part of the Bamital botnet. This\r\npromising reduction rate is largely due to the takedown of the botnet and victims taking action in response to the\r\nproactive notification process and available cleanup tools. We expect that the number of victim notifications and\r\ncleaned computers will improve as we fine-tune our process over the course of the next several weeks.\r\nI also want to take this opportunity to acknowledge the cooperation of the Indian Computer Emergency Response\r\nTeam (CERT-In). Bamital’s command and control structure was using several “.In” top level domains to control\r\ninfected computers around the world. CERT-In played an integral role by implementing a crucial component of\r\nthe notification process that allowed us to contact and offer cleanup tools to victims affected by Bamital. CERT-In’s support is the reason why this cleanup effort has been effective. Additionally, we will soon be working with\r\nInternet service providers and Computer Emergency Response Teams around the world, as we have in the past, to\r\nhelp rescue those remaining computers infected with this malware.\r\nMeanwhile, we also have positive news to share on the legal side. 
Early last week we entered into a confidential\r\nsettlement agreement in the case with defendant John Doe 12. We believe the agreement is in the best interest of\r\nthe case. Finally, at a preliminary injunction hearing on February 13th, the Federal Court for the Eastern District of\r\nVirginia granted Microsoft’s motion and entered an order granting the preliminary injunction. The granting of this\r\nmotion helps to keep the domains that the bot-herders used to operate the botnet offline, and allows Microsoft to\r\ncontinue pointing all of the malicious IP addresses to Microsoft’s domain name system (DNS).\r\nHelping protect people is at the forefront of Microsoft’s proactive fight against botnets and other forms of\r\ncybercrime. We do this by applying a three-pronged approach which includes helping advance security in our\r\nproducts and services, taking proactive, disruptive measures to help protect people, and educating people about the\r\ndangers of cybercrime and how they can protect themselves from online threats. As DCU recently held its fourth\r\nannual Digital Crimes Consortium (DCC) in Barcelona, Spain, a week-long conference that provides a rare\r\nopportunity for law enforcement and members of the technology security community from around the world to\r\ndiscuss the latest cybercrime issues and challenges, I want to stress that cybercrime cannot be fought alone.\r\nHowever, with continued successes in cooperation among all players – industry, academic researchers, law\r\nenforcement agencies and governments worldwide – the global community has the power to turn the tide in the\r\nfight against cybercrime. 
I look forward to continuing to work with partners like Symantec and CERT-In to shut\r\ndown cybercriminal networks and protect innocent people around the world.\r\nTo stay informed on what Microsoft and others are doing to help make the Internet safer for everyone, follow the\r\nMicrosoft Digital Crimes Unit on Facebook and Twitter.\r\nTags: botnets, Digital Crimes Unit\r\nSource: https://blogs.microsoft.com/blog/2013/02/22/bamital-botnet-takedown-is-successful-cleanup-underway/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://blogs.microsoft.com/blog/2013/02/22/bamital-botnet-takedown-is-successful-cleanup-underway/"
	],
	"report_names": [
		"bamital-botnet-takedown-is-successful-cleanup-underway"
	],
	"threat_actors": [],
	"ts_created_at": 1775791293,
	"ts_updated_at": 1775791337,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f28f4dc6507ed9495cd3feede87631a82f20fa9f.pdf",
		"text": "https://archive.orkl.eu/f28f4dc6507ed9495cd3feede87631a82f20fa9f.txt",
		"img": "https://archive.orkl.eu/f28f4dc6507ed9495cd3feede87631a82f20fa9f.jpg"
	}
}