Microsoft has been proactive in the past year in trying to shut down botnet operations across the globe. In March 2011 it shut down the Rustock botnet and in September 2011 it also closed down the Kelihos botnet and later filed a lawsuit against Andrey N. Sabelnikov, who Microsoft said helped to create that botnet (Sabelnikov later claimed his innocence in the case).
Today, Microsoft announced that it has helped to execute a physical raid on yet another botnet operation that was using variants of the Zeus malware program. In a post on the companys official blog, Richard Domingues Boscovich, the senior attorney for Microsofts Digital Crimes Unit, announced that the company, along with the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and The Electronic Payments Association (NACHA), had filed a lawsuit on March 19 asking permission to go after "the command and control structures of these Zeus botnets"
On March 23, Microsoft, FS-ISAC and NACHA – escorted by the U.S. Marshals – successfully executed a coordinated physical seizure of command and control servers in two hosting locations to seize and preserve valuable data and virtual evidence from the botnets for the case. We took down two IP addresses behind the Zeus ‘command and control’ structure. Microsoft also currently monitors 800 domains secured in the operation, which helps us to identify thousands of Zeus-infected computers.
The raid, under the name Operation b71, focused on disrupting botnets that used the Zeus, SpyEye and Ice-IX variants of the Zeus malware family. PCs infected with the Zeus malware use key loggers to obtain user names and passwords from those computers and then send that information to the malwares owners. The blog post did not say where these hosting locations for the botnets were found. Boscovich writes:
Zeus is especially dangerous because it is sold in the criminal underground as a crimeware kit, which allows criminals to set up new command and control servers and create their own individual Zeus botnets. These crimeware kits sell for anywhere between $700 to $15,000, depending on the version and features of the kit. Overall, Microsoft has detected more than 13 million suspected infections of this malware worldwide, with more than 3 million in the United States alone.
While these new actions by Microsoft and others are not expected to shut down all Zeus-based botnets, Boscovich says that these new raids should have disrupted some of the botnets that are considered to be most harmful to consumers; he believes that the raids will adversely affect the criminals who have been running these operations for some time.