Check Point Threat Alert - Simda

Overview

The Simda botnet is a network of computers infected with self-propagating malware which has compromised more than 770,000 computers worldwide.

Since 2009, cyber criminals have been targeting computers with unpatched software and compromising them with Simda malware. This malware may re-route a user’s Internet traffic to websites under criminal control or can be used to install additional malware.

The malicious actors control the network of compromised systems through backdoors, giving them remote access to carry out additional attacks or to “sell” control of the botnet to other criminals. The backdoors also morph their presence every few hours, allowing low anti-virus detection rates and the means for stealthy operation. In the first two months of 2015, some 90,000 new infections were detected in the US alone. The Simda botnet has been seen in more than 190 countries, with the worst affected including the US, UK, Turkey, Canada and Russia.

Impact

A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information, install additional malware or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.

Takedown

In a series of simultaneous actions around the world, on Thursday 9 April, 10 command and control servers were seized in the Netherlands, with additional servers taken down in the US, Russia, Luxembourg and Poland.

List of Relevant Signatures & Indicators

Check Point protects its customers from Simda with the Anti-Bot blade which includes hundreds of relevant signatures and indicators under the name Simda.

These eight network signatures are among them:

Monitor.Win32.Simda.A
Monitor.Win32.Simda.C
Monitor.Win32.Simda.B
Backdoor.Win32.Simda.A
Backdoor.Win32.Simda.B
Backdoor.Win32.Simda.C
Trojan.Win32.Simda.A
Trojan.Win32.Simda.B

References

US-CERT Alert TA15-105A: https://www.us-cert.gov/ncas/alerts/TA15-105A

Interpol: http://www.interpol.int/en/News-and-media/News/2015/N2015-038

See how use cases come to life through Check Point's customer stories.

See how use cases come to life through Check Point's customer stories.

See how use cases come to life through Check Point's customer stories.

AI-Powered Threat Prevention

AI-Powered Threat Prevention

AI-Powered Threat Prevention

AI-Powered Threat Prevention

AI-Powered Threat Prevention

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Check Point is 100% Channel. Grow Your Business with Us!

See how use cases come to life through Check Point's customer stories.

Check Point Threat Alert – Simda

You may also like

The Rise of the Code Package Threat

Amid vaccine mandates, fake vaccine certificates become a full blown industry

How scammers are hiding their phishing trips in public clouds

Democracy Under Attack: Summarizing the Elections Threat Landscape