Virut is a cybercrime malware botnet, operating at least since 2006, and one of the major botnets and malware distributors on the Internet. In January 2013 its operations were disrupted by the Polish organization Naukowa i Akademicka Sieć Komputerowa.
Virut is a malware botnet that is known to be used for cybercrime activities such as DDoS attacks, spam (in collaboration with the Waledac botnet), fraud, data theft, and pay-per-install activities. It spreads through executable file infection (through infected USB sticks and other media), and more recently, through compromised HTML files (thus infecting vulnerable browsers visiting compromised websites). It has infected computers associated with at least 890,000 IP addresses in Poland. In 2012, Symantec estimated that the botnet had control of over 300,000 computers worldwide, primarily in Egypt, Pakistan and Southeast Asia (including India). A Kaspersky report listed Virut as the fifth-most widespread threat in the third quarter of 2012, responsible for 5.5% of computer infections.
The Virut botnet has been active since at least 2006.
On 17 January 2013, Polish research and development organization, data networks operator, and the operator of the Polish ".pl" top-level domain registry, Naukowa i Akademicka Sieć Komputerowa (NASK), took over twenty three domains used by Virut to attempt to shut it down. A NASK spokesperson stated that it was the first time NASK engaged in such an operation (taking over domains), owing to the major threat that the Virut botnet posed to the Internet. It is likely Virut will not be shut down completely, as some of its control servers are located at Russian ".ru" top-level domain name registrars outside the reach of the Polish NASK. Further, the botnet is able to look up alternate backup hosts, enabling the criminals operating it to reestablish control over the network.