Microsoft Targets Zeus Botnets With Financial Services Partners

By Nicholas Kolakowski  |  Posted 2012-03-26 Email Print this article Print

Microsoft and its financial services partners seized two command-and-control servers for the Zeus botnets, which used keylogging to access sensitive information.

Microsoft€™s Digital Crimes Unit and a handful of financial-services partners undertook a coordinated action against Zeus botnets March 23, shutting down command-and-control servers in Pennsylvania and Illinois.

Microsoft€™s partners in the operation included the Financial Services-Information Sharing and Analysis Center (FS-ISAC) and NACHA-The Electronic Payments Association, along with Kyrus Tech Inc. U.S. Marshals escorted Microsoft personnel during the actual seizure of the hardware at the hosting locations. Despite the action, however, Zeus botnets still exist in other parts of the globe.

€œFor this action€”code-named Operation b71€”we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware,€ Richard Domingues Boscovich, senior attorney for Microsoft€™s Digital Crimes Unit, wrote in a March 25 posting on The Official Microsoft Blog. €œOur goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cyber-criminal organization that relies on these botnets for illicit gain.€ Microsoft continues to monitor some 800 domains related to the seized servers, in turn, allowing the company to identify a large number of PCs infected with the malware.

Zeus malware uses keylogging in order to access user names and passwords. From there, a cyber-criminal can steal victims€™ online identities. €œMicrosoft researchers found that once a computer is infected with Zeus, the malware automatically starts keylogging when a person types in the name of a financial or e-commerce institution,€ Boscovich wrote, €œallowing criminals to gain access to people€™s online accounts from that point forward.€

Microsoft claims some 13 million suspected Zeus infections worldwide, with 3 million of them in the United States. The company filed suit March 19 in the United States District Court for the Eastern District of New York against €œJohn Does 1-39,€ which it claims have control over the Internet Domains and IP addresses linked to Zeus botnets. In doing so, Microsoft follows a successful pattern established in the Waledac, Rustock and Kelihos botnet takedowns, all of which involved a courtroom aspect in addition to seizing command-and-control servers. 

€œWe don€™t expect this action to have wiped out every Zeus botnet operating in the world,€ Boscovich added. €œHowever, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cyber-criminal underworld for quite some time.€

Follow Nicholas Kolakowski on Twitter 

Nicholas Kolakowski is a staff editor at eWEEK, covering Microsoft and other companies in the enterprise space, as well as evolving technology such as tablet PCs. His work has appeared in The Washington Post, Playboy, WebMD, AARP the Magazine, AutoWeek, Washington City Paper, Trader Monthly, and Private Air. He lives in Brooklyn, New York.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel