Microsoft Can Retain Control of Zeus Botnet Under Federal Court Order
A federal court grants Microsoft permission to keep two major Zeus banking fraud botnets down for the next two years to allow more time to clean up trojan-infected computers.Microsoft won a court order on Nov. 28 to allow the company and its financial-services partners to continue to administer command-and-control servers for two Zeus botnets that had been shut down by the company's legal and technical campaign in March 2012. The motion for a default judgment, which was granted by the U.S. District Court in the Eastern District of New York, gives Microsoft and the National Automated Clearing House Association (NACHA) an injunction that allows the companies to keep the two Zeus botnets and their associated domains disabled for another 24 months. The original takedown, codenamed Operation b71, seized command-and-control servers in Pennsylvania and Illinois and disrupted the online-fraud networks. "This additional time will allow Microsoft to continue to work with Internet service providers and Computer Emergency Response Teams (CERTs) to clean those computers that are still infected with the malware," Richard Boscovich, senior attorney for Microsoft's Digital Crimes Unit, said in an email interview. Zeus is perhaps the best known of a class of programs known as banking trojans, designed to silently compromise a victim's computer and allow an attacker to record banking credentials and piggyback on the user's online financial sessions to steal money. Overall, Zeus is an infection framework that allows attackers to create malware and spread it using spam campaigns. In addition, the toolkit includes server software to manage the resulting network of compromised machines or botnet.
The takedown effort appeared to have a substantial impact on the spread of Zeus as the foundation of cyber-criminals botnets: Attempts at infecting systems with Zeus fell by more than half to 336,000 for a single week in June, from 780,000 for a week in early March.