Europol busts cyber crime ring that hacked 3 mn computers

A cyber crime syndicate that stole banking information from three million computers in Indonesia, India and other countries has been busted by the European police with assistance from three technology companies, European Union's law enforcement agency Europol said.

Europol director Rob Wainwright (centre) announcing the busting of the Ramnit botnet

The criminals used the botnet - a term used to describe a network of infected computers - called Ramnit to gain remote access and control of the infected computers, enabling them to steal personal and banking information such as passwords and disable antivirus protection.

This malware, infecting users running Windows operating systems, explored different infection vectors such as links contained in spam emails or by visiting infected websites.

The action was coordinated by the European Cybercrime Centre at Europol from its headquarters in The Hague, against Ramnit botnet, a network of computers infected with malware.

Support to the European agency was extended by experts from Germany, Italy, the Netherlands and UK. Assistance in dismantling the server infrastructure used by the criminals also came from AnubisNetworks, a unit of BitSight Technologies; Microsoft Corp and Symantec Corp, Europol said.

"The criminals have lost control of the infrastructure they were using," Paul Gillen, head of operations at Europol's cybercrime centre, told Reuters.

Authorities seized servers in four countries after Microsoft and the Washington-based Financial Services Information Sharing and Analysis Center sought a court order last week in a US court through a sealed lawsuit, Microsoft said.

According to a blog on the Symantec website, the two countries with the largest number of infected computers were India - where data showed that 27 per cent of infections were uncovered - and Indonesia, with 18 per cent.

Vietnam came in next and the US, Bangladesh and the Philippines followed in that order.

"This successful operation shows the importance of international law enforcement working together with private industry in the fight against the global threat of cybercrime," Europol deputy director Operations Wil van Gemert said in a statement. "We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to conduct a variety of cybercrimes."

 ''The group has been in operation for at least five years and during this time has evolved into a major criminal enterprise, infecting than 3.2 million computers in total and defrauding large numbers of innocent victims," Symantec said, PTI reported.

Ramnit started off as a worm, which first appeared in 2010 and had evolved with time as its controllers appeared to shift their focus from building the botnet to exploiting it.

The malware spreads through the use of removable devices like USB keys and network shares.

The attackers had also used File Transfer Protocol (FTP) servers, through malicious ads on legitimate websites, bundling the malware with potentially unwanted applications.