Microsoft goes after Zeus botnet operations

Microsoft has been proactive in the past year in trying to shut down botnet operations across the globe. In March 2011 it shut down the Rustock botnet and in September 2011 it also closed down the Kelihos botnet and later filed a lawsuit against Andrey N. Sabelnikov, who Microsoft said helped to create that botnet (Sabelnikov later claimed his innocence in the case).

Today, Microsoft announced that it has helped to execute a physical raid on yet another botnet operation that was using variants of the Zeus malware program. In a post on the company's official blog, Richard Domingues Boscovich, the senior attorney for Microsoft's Digital Crimes Unit, announced that the company, along with the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and The Electronic Payments Association (NACHA), had filed a lawsuit on March 19 asking permission to go after "the command and control structures of these Zeus botnets".

Boscovich writes:

On March 23, Microsoft, FS-ISAC and NACHA – escorted by the U.S. Marshals – successfully executed a coordinated physical seizure of command and control servers in two hosting locations to seize and preserve valuable data and virtual evidence from the botnets for the case. We took down two IP addresses behind the Zeus ‘command and control’ structure. Microsoft also currently monitors 800 domains secured in the operation, which helps us to identify thousands of Zeus-infected computers.

The raid, under the name Operation b71, focused on disrupting botnets that used the Zeus, SpyEye and Ice-IX variants of the Zeus malware family. PCs infected with the Zeus malware use keyloggers to capture user names and passwords typed on those computers and then send that information to the malware's operators. The blog post did not say where the hosting locations for the botnets were found. Boscovich writes:

Zeus is especially dangerous because it is sold in the criminal underground as a crimeware kit, which allows criminals to set up new command and control servers and create their own individual Zeus botnets. These crimeware kits sell for anywhere between $700 to $15,000, depending on the version and features of the kit. Overall, Microsoft has detected more than 13 million suspected infections of this malware worldwide, with more than 3 million in the United States alone.

While these new actions by Microsoft and others are not expected to shut down all Zeus-based botnets, Boscovich says that these new raids should have disrupted some of the botnets that are considered to be most harmful to consumers; he believes that the raids will adversely affect the criminals who have been running these operations for some time.

5 Comments

So if they know about all these zombies around the world, why are they not doing anything about them too, like contacting the owner of the IP address or the ISP?

Athlonite said,
So if they know about all these zombies around the world, why are they not doing anything about them too, like contacting the owner of the IP address or the ISP?

Then the botnet owner just changes the DNS of the domains the botnet connects to. They need to physically take the control servers so that this cannot be done; from there they can issue a command to the clients to stop connecting or remove the infected code.
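The blog post says that monitoring the domains secured in the operation "helps us to identify thousands of Zeus-infected computers", and the reply above explains why the control servers and domains, not the individual victims, are the point of leverage. The following is an added example (not code from the article, Microsoft, or the commenters) of how a defender who holds a list of seized C2 domains can identify infected hosts from resolver logs. The domain names (reserved `.invalid` placeholders) and the BIND-style query log lines are constructed for the example; the real 800 domains are not named in the article.

```python
import re
from collections import defaultdict

# Placeholder domains: the article says ~800 domains were secured but
# names none, so these are constructed stand-ins (reserved .invalid TLD).
SINKHOLED_DOMAINS = {
    "zeus-cc-one.invalid",
    "spyeye-panel.invalid",
    "iceix-update.invalid",
}

# Constructed resolver log lines in a BIND-like query-log shape:
# "<timestamp> client <ip>#<port>: query: <name> IN <type>"
SAMPLE_LOG = """\
19-Mar-2012 10:01:02.001 client 192.0.2.10#51234: query: zeus-cc-one.invalid IN A
19-Mar-2012 10:01:05.120 client 192.0.2.11#40001: query: www.example.com IN A
19-Mar-2012 10:02:17.404 client 192.0.2.10#51240: query: cfg.ZEUS-CC-ONE.invalid IN A
19-Mar-2012 10:03:44.900 client 198.51.100.7#33000: query: spyeye-panel.invalid IN A
19-Mar-2012 10:04:01.002 client 192.0.2.12#42000: query: noticeix-update.invalid IN A
19-Mar-2012 10:05:09.310 client 198.51.100.7#33002: query: spyeye-panel.invalid IN TXT
"""

QUERY_RE = re.compile(
    r"client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (?P<name>\S+) IN (?P<type>\S+)"
)

def normalize(name):
    # Strip a trailing root dot and fold case; DNS names are case-insensitive.
    return name.rstrip(".").lower()

def is_sinkholed(name, sinkholed=SINKHOLED_DOMAINS):
    """True if name equals a seized domain or is a subdomain of one.
    The label-boundary check matters: 'noticeix-update.invalid' must not
    match 'iceix-update.invalid' just because it ends with the same text."""
    n = normalize(name)
    return any(n == d or n.endswith("." + d) for d in sinkholed)

def suspected_infections(log_text, sinkholed=SINKHOLED_DOMAINS):
    """Map each client IP to the sorted list of seized names it looked up."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_sinkholed(m.group("name"), sinkholed):
            hits[m.group("ip")].add(normalize(m.group("name")))
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, names in sorted(suspected_infections(SAMPLE_LOG).items()):
        print(f"{ip}: {', '.join(names)}")
```

A resolver log only shows the client that asked, so behind NAT the IP identifies a network, not a machine; the next step is correlating with internal DHCP or proxy logs.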
