3/26/2012 2:37:50 AM

12/14/2012 9:50:49 AM

Przemek Radzikowski


Zeus Botnets Taken Down by Microsoft Digital Crimes Unit

Microsoft has executed a coordinated global disruption operation against Zeus botnet cybercrime operations.



Microsoft – in collaboration with financial services industry organizations such as Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association, and security firms Kyrus Tech Inc. and F-Secure – has executed a coordinated global disruption operation against some of the worst known cybercrime operations fueling online fraud and identity theft today. With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry operation against this cybercriminal organization.

"Similar to the successful Waledac, Rustock and Kelihos botnet takedowns, Microsoft, joined by our partners, filed suit on March 19, 2012 against John Does 1-39, asking the court for permission to sever the command and control structures of these Zeus botnets. The suit claimed similar violations made in Microsoft’s previous botnet cases, including the Lanham Act, in order to physically seize servers from hosting providers and preserve evidence. In addition, because Zeus relies on a criminal network to exploit users, we also applied a well-established law known as the Racketeer Influenced and Corrupt Organizations (RICO) Act in the case as the legal basis for this operation. In criminal court cases, the RICO Act is often associated with cases against organized crime; the same is true in applying the civil section of the law to this case against what we believe is an organization of people behind the Zeus family of botnets. By incorporating the use of the RICO Act, we were able to pursue a consolidated civil case against everyone associated with the Zeus criminal operation, even if those involved in the “organization” were not necessarily part of the core enterprise."

"On March 23, Microsoft, FS-ISAC and NACHA – escorted by the U.S. Marshals – successfully executed a coordinated physical seizure of command and control servers in two hosting locations to seize and preserve valuable data and virtual evidence from the botnets for the case. We took down two IP addresses behind the Zeus ‘command and control’ structure. Microsoft also currently monitors 800 domains secured in the operation, which helps us to identify thousands of Zeus-infected computers."

Zeus is notorious for using keylogging, a technique that allows the botnet operator to monitor people’s online activity and gain access to usernames and passwords in order to steal identities, withdraw money, and make online purchases. Experts believe these botnets are responsible for nearly half a billion dollars in damages. Valuable evidence and intelligence gained in the operation will be used both to help rescue people’s computers from the control of Zeus and in an ongoing effort to undermine the cybercriminal organization and help hold those responsible accountable for their actions.

"We don’t expect this action to have wiped out every Zeus botnet operating in the world. However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time. Cybercriminals are in this for the money and this action was an unprecedented strike against the illicit infrastructure on which they rely. The operation will help further investigations against those responsible for the threat and help us better protect victims."

More information about today’s news can be found on the Official Microsoft blog and on the Microsoft Digital Crimes Unit newsroom.  Please let me know if you have any questions or would like to speak to someone about this development.


Updated: Friday, December 14, 2012


(c) Capitalhead Pty Ltd