Threat Update | Simda Botnet
April 15, 2015
US-CERT has reported the compromise of more than 770,000 computers running Microsoft Windows worldwide through the Simda botnet.
The details below have been released to provide further information along with prevention recommendations.
Simda malware may re-route users' Internet traffic to websites under criminal control or can be used to install further malware. The malicious actors control the network of compromised systems (the botnet) through backdoors, giving them remote access to carry out additional attacks or to "sell" control of the botnet to other criminals. The backdoors also morph their presence every few hours, keeping anti-virus detection rates low and allowing stealthy operation.
A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.
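One practical check a defender can run on a suspected host follows the traffic re-routing behaviour described above. A common way malware redirects browser traffic locally is by rewriting the system hosts file, so a quick triage step is to parse that file and flag any widely used domain that has been pointed at a non-loopback address. The script below is an added example, not part of the US-CERT advisory: the watched-domain list is the defender's own choice (the entries shown are just high-traffic third-party script hosts used for illustration), and the hosts content it scans by default is a constructed sample using a TEST-NET address.

```python
"""Flag hosts-file entries that could re-route traffic for well-known domains.

Added example, not from the advisory. It assumes the caller supplies the
hosts-file text (on Windows: C:\\Windows\\System32\\drivers\\etc\\hosts,
on Unix-like systems: /etc/hosts) and a list of domains that a legitimate
hosts file should almost never override. SAMPLE_HOSTS is constructed.
"""
import ipaddress
import sys

# Assumption: the defender picks this list for their environment. These are
# examples of widely loaded third-party hosts, not indicators from the advisory.
WATCHED_DOMAINS = {
    "google-analytics.com",
    "connect.facebook.net",
    "login.microsoftonline.com",
}

# Constructed sample hosts file; 203.0.113.0/24 is a documentation (TEST-NET) range.
SAMPLE_HOSTS = """\
# Constructed sample hosts file for this example
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example               # ad-block style blackhole, benign
203.0.113.45    google-analytics.com      # constructed: watched domain sent to a public address
203.0.113.45    www.google-analytics.com ssl.google-analytics.com
not-an-ip       junk.example              # malformed line, skipped by the parser
"""


def parse_hosts(text):
    """Yield (address, hostname, line_no) for every mapping in hosts-file text.

    Comments (after '#') and blank or malformed lines are ignored, and a single
    line may map several hostnames to one address.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid IPv4/IPv6 literal; skip rather than crash
        for name in names:
            yield addr, name.lower(), line_no


def suspicious_entries(text, watched=WATCHED_DOMAINS):
    """Return entries that send a watched domain (or a subdomain of it) to a
    routable address. Loopback/unspecified targets are skipped because
    blackholing to 127.0.0.1 or 0.0.0.0 is a common benign ad-block pattern.
    """
    findings = []
    for addr, name, line_no in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append({"line": line_no, "host": name, "ip": str(addr)})
    return findings


def scan_file(path):
    """Read a hosts file from disk and return its suspicious entries."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(fh.read())


if __name__ == "__main__":
    # Usage: python hosts_check.py [path-to-hosts-file]; with no path the constructed sample is scanned.
    results = scan_file(sys.argv[1]) if len(sys.argv) > 1 else suspicious_entries(SAMPLE_HOSTS)
    for item in results:
        print(f"line {item['line']}: {item['host']} -> {item['ip']}")
    print(f"{len(results)} suspicious entr{'y' if len(results) == 1 else 'ies'} found")
```

A hit here is a lead, not a verdict: developers and corporate proxies sometimes add legitimate overrides, so compare any flagged address against what the domain resolves to from a trusted DNS server before treating the host as compromised. Because Simda's backdoors change their footprint frequently, this file-level check complements rather than replaces up-to-date anti-virus and anti-malware scanning.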
Users are advised to take the following actions to remediate Simda infections:
- Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
- Change your passwords – Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
- Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
- Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection.