April 16, 2015
The Simda botnet (a botnet is a network of computers infected with self-propagating malware) has compromised more than 770,000 computers worldwide in the past six months. Law enforcement groups and private security companies recently took the botnet down by seizing 14 command-and-control servers located in various countries, including the US.
Simda malware takes advantage of Windows computers with unpatched software to re-route a user’s Internet traffic to websites controlled by the criminals. The infected computers can also be used to install additional malware, give criminals access to harvest user credentials, or cause other malware attacks.
Read a full report on this threat in the alert released by the DHS and FBI: TA15-105A, which includes the recommended actions users can take:
- Use and maintain anti-virus software
- Change your passwords
- Keep your operating system and software up to date
- Do a manual check of your system (or ask for assistance to do so) to see if it is infected. Microsoft has developed a free cleaning agent for Simda. If you have been infected by Simda.AT, run a comprehensive scan of your environment using Microsoft Safety Scanner, Microsoft Security Essentials or Windows Defender.