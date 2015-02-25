(Adds details on some 350,000 PCs currently infected with
Ramnit malware)
By Anthony Deutsch and Jim Finkle
AMSTERDAM/BOSTON Feb 25 A cybercrime operation
that stole banking information by hacking more than 3 million
computers in Indonesia, India and other countries has been
disrupted by European police with assistance from three
technology companies, officials said on Wednesday.
The European Cybercrime Centre at Europol, the European
police agency, coordinated the operation out of its
headquarters in The Hague, targeting the so-called Ramnit
botnet, a network of computers infected with malware.
Working with investigators from Germany, Italy, the
Netherlands and Britain, it was assisted by AnubisNetworks, a
unit of BitSight Technologies; Microsoft Corp and
Symantec Corp in dismantling the server infrastructure
used by the criminals, Europol said.
"The criminals have lost control of the infrastructure they
were using," Paul Gillen, head of operations at Europol's
cybercrime centre, told Reuters.
Authorities simultaneously seized servers in four countries
after Microsoft and the Washington-based Financial Services
Information Sharing and Analysis Center sought a court order
last week in U.S. court through a sealed lawsuit, according to
Microsoft.
Symantec said on its blog that the two countries with the
largest number of infected computers were India - where data
shows that 27 percent of infections were uncovered - and
Indonesia, with 18 percent. Vietnam, the United States,
Bangladesh and the Philippines followed.
The security software maker said that the hackers had
successfully attacked some 3.2 million PCs since 2010, though
investigators believe only about 350,000 are currently infected
with the Ramnit malware.
The malware, installed through links on spam email or
infected websites, enabled culprits to take control of the PCs
and use them for criminal activities.
Symantec described Ramnit as "a fully-featured cybercrime
tool," whose features include the ability to spy on web browsing
sessions, steal "cookie" credentials used to authenticate
visitors to banking sites and scan hard drives in search of
sensitive passwords.
Vikram Thakur, a Symantec researcher, told Reuters that he
did not expect any arrests to be made by authorities who are
still searching for the ringleaders.
Europol has been coordinating cross-border efforts to take
down criminal infrastructure on the Internet and bring to
justice those responsible.
In November, U.S. and European authorities seized more than
400 secret website addresses and arrested suspects in an
operation targeting black markets for drugs and other illegal
services, known as Silk Road 2.0.
