Microsoft and its financial services partners seized two command-and-control servers for the Zeus botnets, which used keylogging to access sensitive information.
Microsoft's Digital Crimes Unit and a handful of financial-services partners undertook a coordinated action against Zeus botnets March 23, shutting down command-and-control servers in Pennsylvania and Illinois.
Microsoft's partners in the operation included the Financial Services-Information Sharing and Analysis Center (FS-ISAC) and NACHA-The Electronic Payments Association, along with Kyrus Tech Inc. U.S. Marshals escorted Microsoft personnel during the actual seizure of the hardware at the hosting locations. Despite the action, however, Zeus botnets still exist in other parts of the globe.
"For this action, code-named Operation b71, we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware," Richard Domingues Boscovich, senior attorney for Microsoft's Digital Crimes Unit, wrote in a March 25 posting on The Official Microsoft Blog. "Our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cyber-criminal organization that relies on these botnets for illicit gain." Microsoft continues to monitor some 800 domains related to the seized servers, which in turn allows the company to identify a large number of PCs infected with the malware.
Zeus malware uses keylogging in order to access user names and passwords. From there, a cyber-criminal can steal victims' online identities. Microsoft researchers found that once a computer is infected with Zeus, the malware automatically starts keylogging when a person types in the name of a financial or e-commerce institution, Boscovich wrote, allowing criminals to gain access to people's online accounts from that point forward.
Microsoft claims some 13 million suspected Zeus infections worldwide, with 3 million of them in the United States. The company filed suit March 19 in the United States District Court for the Eastern District of New York against John Does 1-39, which it claims have control over the Internet domains and IP addresses linked to Zeus botnets. In doing so, Microsoft follows a successful pattern established in the Waledac, Rustock and Kelihos botnet takedowns, all of which involved a courtroom aspect in addition to seizing command-and-control servers.
"We don't expect this action to have wiped out every Zeus botnet operating in the world," Boscovich added. "However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cyber-criminal underworld for quite some time."
Follow Nicholas Kolakowski on Twitter