Bamital is malware designed to hijack search engine results. When a user searches from a Bamital-infected computer, the browser connects to the search engine server and receives search results. Clicking on any of the displayed search results redirects the user to an attacker-controlled command-and-control (C&C) server (a Bamital server). These Bamital servers then connect to the advertisement server and redirect the search results to websites of the attackers' choice, so that an unintended website is delivered to the user's browser. Bamital can also click on advertisements without user interaction. This results in a poor user experience when using search engines, along with an increased risk of further malware infections. If the Bamital servers are unable to serve a customized website, tainted search results are displayed in the user's browser.
Bamital also intercepts web browser traffic and prevents access to certain security-related websites by modifying the Hosts file. The local Hosts file overrides DNS resolution by mapping a website's hostname to a particular IP address. Malware often modifies a computer's Hosts file to stop users from accessing websites associated with particular security-related applications (such as antivirus products). Bamital variants may also modify certain legitimate Windows files in order to execute their payload. Bamital has primarily propagated through drive-by downloads and maliciously modified files in peer-to-peer (P2P) networks.
Users impacted by this botnet will be notified the next time they try to run a search using their preferred provider. Infected computers will be redirected to a Microsoft website, "https://malwarenotice.microsoft.com/", which provides guidance on how to clean the system.
If a user reaches the page "https://malwarenotice.microsoft.com/" while searching, it is a positive sign of a Bamital malware infection on their computer. Please read and follow the instructions given there. Users can also use the free removal tools provided by Microsoft and Symantec to disinfect their systems of the Bamital infection.
Microsoft and Symantec provide free Bamital malware removal tools: