Microsoft disrupts servers used by feared Zeus bank Trojan

Digital Crimes Unit in major action against crimeware

In the most significant cybercrime bust of the year so far, Microsoft and US banking organisations say they have disrupted a number of the most active botnets that have been attacking online banking customers across the world with impunity using the Zeus crimeware.

On 19 March, the company filed a court action using the US Racketeer Influenced and Corrupt Organizations (RICO) Act alleging that 39 individuals - "John Does 1-39" - were responsible for Zeus-based botnets that had stolen an alleged $100 million (£63 million) over the past five years by after infecting 13 million PCs.

By 23 March, the company's Digital Crimes Unit, the Information Sharing and Analysis Center (FS-ISAC) and the Electronic Payments Association NACHA, launched 'Operation b71', physically seizing hosted servers allegedly used as command and control for the bots, gathering further evidence against the accused.

"We don't expect this action to have wiped out every Zeus botnet operating in the world. However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time," said Microsoft in an official statement.

In addition to Zeus, botnets built using the related SpyEye and Ice-IX variants were also disrupted, Microsoft said.

The action is only the latest in a long line stretching back years that have seen Microsoft and its Digital Crimes Unit become perhaps the most successful anti-cybercrime organisation on the planet, harnessing local laws, trade bodies and the security industry itself to counter a digital crimewave.

The most action significant in recent times was against the infrastructure behind the Rustock botnet in March 2011, which immediately cut global spam levels. In addition to similar campaigns against Waledec and last summer's anti-Kelihos operation, this has helped reduce the volume of spam circulating on the Internet almost back to levels last seen some years ago.

What of Zeus and why has it become so significant? The simplest answer to this is probably that it is the first banking malware to be turned into what is termed 'crimeware', that is a featured crime platform sold to criminals across the world. That has fuelled its popularity and success.

Any action that removes some of the infrastructure will have a short-term impact on its activity but the biggest blow is simply that someone, anyone, has done something. Cybercriminals profiting from effective but common malware such as Zeus have acted in the knowledge that they will probably get away with their crimes. As of today, that assumption might not be as secure.

Microsoft started offering access for third parties to its anti-botnet system in January this year.

FILL IN THE SURVEY - AND YOU COULD BE A WINNER: ARN wants to hear from YOU. Tell us how you run a successful business and you could win an adrenaline-fuelled adventure of your choice. COMPLETE THE ARN SURVEY.

More about CHAICOMicrosoftTechnology

ARN Directory | Distributors relevant to this article

Comments

Comments are now closed

 
Computerworld
CIO
Techworld
CMO

Latest News

02:52PM
Australians are aware, educated about Big Data: MapR
09:45AM
Synnex named Apple’s third iPad distributor
09:27AM
Oakton: Most organisations have dug themselves an ERP hole, according to survey
08:12AM
Datacom Australia takes a hit, while group profits and revenue grow
More News
08 Sep
ITIL Foundation (incl. Exam)
10 Sep
CPX 2014
10 Sep
IT Leaders Lunch
16 Sep
Ingram Micro SMB Favourites Roadshow
View all events