‘Simda.AT’ designed to divert Internet traffic to disseminate other types of malware.

Today Interpol and the Dutch National High Tech Crime Unit (DNHTCU) announced the disruption ofSimda.AT, a significant malware threat affecting more than 770,000 computers in over 190 countries. The Simda.AT variant first appeared in 2012. It is a widely distributed malware that causes significant damage to users through the manipulation of internet traffic and spread of other malware.

Interpol coordinated the operation and the DNHTCU, with the support of the Federal Bureau of Investigation (FBI), successfully took down Simda.AT’s active command and control infrastructure across four countries including the Netherlands, Luxembourg, Russia and the United States.

The Microsoft Malware Protection Center (MMPC) and the Microsoft’s Digital Crimes Unit (DCU) led the analysis of the malware threat in partnership with CDI Japan, Kaspersky Lab, and Trend Micro.

MMPC activated the Coordinated Malware Eradication (CME) platform to provide in-depth research, telemetry, samples, and cleaning solutions to law enforcement and our partners.  This information helped law enforcement take action against Simda.AT and its infrastructure, while providing easy remediation and recovery options for victim machines around the world.

Since 2009, the Simda malware family has been a dynamic and elusive threat.  Simda’s function has ranged from a simple password stealer to a complex banking trojan.  To read more about the Simda family, see Win32/Simda.

Encounters

Simda.AT makes up the vast majority of our current detections for this malware family. We’ve measured approximately 128,000 new cases each month over the last six months with infections occurring around the world. The ‘Top 10’ countries accounted for 54 percent of the detections our customers have experienced from February through March:

Source: technet.com