
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   ANTI_VIRUS      Anti-Virus Discussion & News      523 messages   


   Message 267 of 523   
   Ben Ritchey to All   
   US-CERT Bulletin   
   15 Apr 15 10:42:18   
   
   NCCIC / US-CERT   
      
   National Cyber Awareness System:   
      
   TA15-105A: Simda Botnet   
   04/15/2015 08:51 AM EDT   
      
      
   Original release date: April 15, 2015   
      
   Systems Affected   
   Microsoft Windows   
      
   Overview   
   The Simda botnet – a network of computers infected with self-propagating   
   malware – has compromised more than 770,000 computers worldwide [1].   
      
   The United States Department of Homeland Security (DHS), in collaboration with   
   Interpol and the Federal Bureau of Investigation (FBI), has released this   
   Technical Alert to provide further information about the Simda botnet, along   
   with prevention and mitigation recommendations.   
      
   Description   
   Since 2009, cyber criminals have been targeting computers with unpatched   
   software and compromising them with Simda malware [2]. This malware may   
   re-route a user’s Internet traffic to websites under criminal control or can   
   be used to install additional malware.   
      
   The malicious actors control the network of compromised systems (botnet)   
   through backdoors, giving them remote access to carry out additional attacks   
   or to “sell” control of the botnet to other criminals [1]. The backdoors also   
   morph their presence every few hours, allowing low anti-virus detection rates   
   and the means for stealthy operation [3].   
      
   Impact   
   A system infected with Simda may allow cyber criminals to harvest user   
   credentials, including banking information; install additional malware; or   
   cause other malicious attacks. The breadth of infected systems allows Simda   
   operators flexibility to load custom features tailored to individual targets.   
      
   Solution   
   Users are recommended to take the following actions to remediate Simda   
   infections:   
      
   Use and maintain anti-virus software - Anti-virus software recognizes and
   protects your computer against most known viruses. It is important to keep
   your anti-virus software up-to-date (see Understanding Anti-Virus Software for
   more information).

   Change your passwords - Your original passwords may have been compromised
   during the infection, so you should change them (see Choosing and Protecting
   Passwords for more information).

   Keep your operating system and application software up-to-date - Install
   software patches so that attackers cannot take advantage of known problems or
   vulnerabilities. Many operating systems offer automatic updates. If this
   option is available, you should enable it (see Understanding Patches for more
   information).

   Use anti-malware tools - Using a legitimate program that identifies and
   removes malware can help eliminate an infection. Users can consider employing
   a remediation tool (examples below) that will help with the removal of Simda
   from your system.
             Kaspersky Lab: http://www.kaspersky.com/security-scan
             Microsoft: http://www.microsoft.com/security/scanner/en-us/default.aspx
             Trend Micro: http://housecall.trendmicro.com/

   Check to see if your system is infected – The link below offers a simplified
   check for beginners and a manual check for experts.
             Cyber Defense Institute: http://www.cyberdefense.jp/simda/
      
   The above are examples only and do not constitute an exhaustive list. The U.S.   
   government does not endorse or support any particular product or vendor.   
      
   References   
   [1] INTERPOL Coordinates Global Operation to Take Down Simda Botnet   
   [2] Microsoft partners with Interpol, industry to disrupt global malware   
   attack affecting more than 770,000 PCs in past six mo   
   [3] Botnet that Enslaved 770,000 PCs Worldwide Comes Crashing Down   
      
   Revision History   
   April 15, 2015: Initial Release   
      
   --   
   Guardien Fide   :^)   
      
      Ben  aka cMech  Web: http://cmech.dynip.com   
                    Email: fido4cmech(at)lusfiber.net   
                 Home page: http://cmech.dynip.com/homepage/   
              WildCat! Board 24/7  +1-337-984-4794  any BAUD 8,N,1   
      
   --- GoldED+/W32-MSVC   
    * Origin: FIDONet - The Positronium Repository (1:393/68)   



(c) 1994,  bbs@darkrealms.ca