Microsoft Targets Zeus Botnets With Financial Services Partners
Microsoft and its financial services partners seized two command-and-control servers for the Zeus botnets, which used keylogging to access sensitive information.

Microsoft's Digital Crimes Unit and a handful of financial-services partners undertook a coordinated action against Zeus botnets March 23, shutting down command-and-control servers in Pennsylvania and Illinois. Microsoft's partners in the operation included the Financial Services-Information Sharing and Analysis Center (FS-ISAC) and NACHA-The Electronic Payments Association, along with Kyrus Tech Inc. U.S. Marshals escorted Microsoft personnel during the actual seizure of the hardware at the hosting locations. Despite the action, however, Zeus botnets still exist in other parts of the globe.
"For this action, code-named Operation b71, we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware," Richard Domingues Boscovich, senior attorney for Microsoft's Digital Crimes Unit, wrote in a March 25 posting on The Official Microsoft Blog. "Our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cyber-criminal organization that relies on these botnets for illicit gain." Microsoft continues to monitor some 800 domains related to the seized servers, which in turn allows the company to identify a large number of PCs infected with the malware.