As compared to Beebone, which involved more than 12,000 computers, Simda is believed to have infected more than 770,000 computers around the world, Interpol wrote in its Monday press. Microsoft, Kaspersky Lab, Trend Micro and Japan's Cyber Defence Institute all provided analysis of the botnet to document its spread around the world and location of its command-and-control (C&C) servers.
Ten of these servers were seized in the Netherlands, as well as additional servers in the U.S., Russia, Luxembourg and Poland. Kaspersky noted that an initial analysis of sinkholed server logs listed 190 countries affected by the botnet.
In emailed comments to SCMagazine.com, Kaspersky noted that investigations were ongoing as to who could be behind the botnet and that it's “too soon to speculate.”
“What is important is that through cooperation and information sharing, the botnet has been severely crippled thanks to the efforts of law enforcement agencies and private sector companies,” the company said.
Microsoft reported on its blog that the Simda malware family has existed since 2009 and most recently, the majority of infections involved Simda.AT. It's primarily spread through infected websites that redirect to exploit kits.
Microsoft measured approximately 128,000 new cases per month over the past six months. From February to March 2015, 22 percent of new infections came from the U.S.
The malware authors are thought to monetize their efforts by being paid for distributing and installing additional software packages or modules, Microsoft wrote. The company had documented click-fraud/search hijacking malware being installed on infected computers, as well as crypto-currency mining software and unwanted software/adware.