A MAJOR operation has been carried out to eliminate malicious software which has infected tens of thousands of computers across the UK.
The National Crime Agency has worked with law enforcement colleagues in the Netherlands, Italy and Germany to shut down command and control servers used by a ‘botnet’ network of infected computers.
One of the servers was based in Gosport, but there is no suggestion the person hosting it was aware of or anything to do with the situation and the NCA says someone could have hacked it.
The botnet, called RAMNIT, spread malware via seemingly trustworthy links sent out on phishing emails or social networking websites.
If users running Windows operating systems clicked on the links, the malware would be installed, infecting the computer.
Infected computers would then be under the control of criminals, enabling them to access personal or banking information, steal passwords and disable antivirus protection.
Investigators believe that RAMNIT may have infected over three million computers worldwide, with around 33,000 of those being in the UK.
It has so far largely been used to attempt to take money from bank accounts.
Analysis is now taking place on the servers and an investigation is ongoing.
The NCA is now advising people to check whether their computer has been infected. by downloading specialist disinfection software, which is available free of charge at cyberstreetwise.com/security-software orgetsafeonline.org/news/ramnit.
The disinfection tools will identify whether a computer has been infected and, if so, disinfect it.
Those whose computers have been affected should then change passwords on banking, email, social media and other potentially sensitive online accounts.
Steve Pye from the NCA’s National Cyber Crime Unit said: ‘Through this operation, we are disrupting a cyber crime threat which has left thousands of ordinary computer users in the UK at risk of having their privacy and personal information compromised.
‘This malware effectively gives criminals a back door so they can take control of your computer, access your images, passwords or personal data and even use it to circulate further spam messages or launch illegal attacks on other websites.
‘As a result of this action, the UK is safer from RAMNIT, but it is important that individuals take action now to disinfect their machines, and protect their personal information.’
The operation to take down RAMNIT was co-ordinated by the Joint Cybercrime Action Taskforce (J-CAT) based at Europol’s European Cybercrime Centre (EC3).
Europol was alerted to RAMNIT by Microsoft, after data analysis showed a big increase in infections.