Microsoft disrupts servers used by feared Zeus bank Trojan

Digital Crimes Unit in major action against crimeware

In the most significant cybercrime bust of the year so far, Microsoft and US banking organisations say they have disrupted a number of the most active botnets that have been attacking online banking customers across the world with impunity using the Zeus crimeware.

On 19 March, the company filed a court action using the US Racketeer Influenced and Corrupt Organizations (RICO) Act alleging that 39 individuals - "John Does 1-39" - were responsible for Zeus-based botnets that had stolen an alleged $100 million (£63 million) over the past five years by after infecting 13 million PCs.

By 23 March, the company's Digital Crimes Unit, the Information Sharing and Analysis Center (FS-ISAC) and the Electronic Payments Association NACHA, launched 'Operation b71', physically seizing hosted servers allegedly used as command and control for the bots, gathering further evidence against the accused.

"We don't expect this action to have wiped out every Zeus botnet operating in the world. However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time," said Microsoft in an official statement.

In addition to Zeus, botnets built using the related SpyEye and Ice-IX variants were also disrupted, Microsoft said.

The action is only the latest in a long line stretching back years that have seen Microsoft and its Digital Crimes Unit become perhaps the most successful anti-cybercrime organisation on the planet, harnessing local laws, trade bodies and the security industry itself to counter a digital crimewave.

The most action significant in recent times was against the infrastructure behind the Rustock botnet in March 2011, which immediately cut global spam levels. In addition to similar campaigns against Waledec and last summer's anti-Kelihos operation, this has helped reduce the volume of spam circulating on the Internet almost back to levels last seen some years ago.

What of Zeus and why has it become so significant? The simplest answer to this is probably that it is the first banking malware to be turned into what is termed 'crimeware', that is a featured crime platform sold to criminals across the world. That has fuelled its popularity and success.

Any action that removes some of the infrastructure will have a short-term impact on its activity but the biggest blow is simply that someone, anyone, has done something. Cybercriminals profiting from effective but common malware such as Zeus have acted in the knowledge that they will probably get away with their crimes. As of today, that assumption might not be as secure.

Microsoft started offering access for third parties to its anti-botnet system in January this year.

2014 ARN Women in ICT Awards - Nominations close October 27!: Nominations have opened for WIICTA 2014 and will stay open until October 27. But don't be late, be among the first in and NOMINATE NOW!!!

More about CHAICOMicrosoftTechnology

ARN Directory | Distributors relevant to this article

Comments

Comments are now closed

 

Latest News

Oct 24
20th Century Fox deploys HP Moonshot servers
Oct 24
Adobe begins encrypting user data collected from Digital Editions app
Oct 24
St George turns on fingerprint login for Apple iOS Internet banking
Oct 24
DDoS attacks skyrocket: Akamai State of Internet Report
More News
29 Oct
NewLease & Microsoft Technical Sessions
30 Oct
Ovum 2020 Telecoms Summit
30 Oct
NewLease & Microsoft Technical Sessions
05 Nov
vForum 2014
View all events