I received a message about the Ramnit Botnet Takedown

On February 25, 2015, Interpol, with the help of Symantec, Microsoft and several other industry partners, seized servers, and other infrastructure used by the group behind the Ramnit botnet.

Is this a legitimate message from Norton?

Yes. Norton is letting you know about one of the ways that our products protect you and how our company is committed to helping law enforcement stop the bad guys.

Does Norton protect against this threat?

Yes, the following products include protection against this botnet:

  • Norton AntiVirus

  • Norton Internet Security

  • Norton 360

  • Norton Security

  • Norton Security with Backup

Norton detects the threat as follows:

  • Antivirus:

    • W32.Ramnit

    • W32.Ramnit.B

    • W32.Ramnit!inf

    • W32.Ramnit.C!inf

    • W32.Ramnit.D!inf

    • W32.Ramnit!html

  • Intrusion prevention:

    • System Infected: Ramnit Zbot Web Inject Activity

Norton products provide protection against this threat. If you have a third-party security product or suspect that you have been infected with this botnet, download and run the W32.Ramnit Removal Tool.

What is the Ramnit Botnet Takedown?

A law enforcement operation that was led by Europol and assisted by Symantec, Microsoft, and a number of other industry partners, has today seized servers and other infrastructure that was owned by the cybercrime group behind the Ramnit botnet (detected by Symantec as W32.Ramnit.B). The group has been in operation for at least five years and in that time has evolved into a major criminal enterprise, infecting more than 3.2 million computers in total and defrauding large numbers of innocent victims. It is hoped that today's operation will strike a significant blow against the resources and capabilities of the gang.

What is the Ramnit botnet?

The Ramnit threat has evolved over time to become a powerful cybercrime tool, providing attackers with several ways to compromise a victim. It is capable of monitoring web sessions to steal banking credentials, steal cookies to impersonate the victim, take files from a victim's hard drive and even grant an attacker remote access to the computer to potentially do more damage.

More information

Thank you!

Thank you for using Norton Support.

< Back

Was this information helpful?

DOCID: v108970330_EndUserProfile_en_us
Operating System: Windows
Last modified: 05/22/2015