Microsoft disrupts servers used by feared Zeus bank Trojan

Digital Crimes Unit in major action against crimeware

In the most significant cybercrime bust of the year so far, Microsoft and US banking organisations say they have disrupted a number of the most active botnets that have been attacking online banking customers across the world with impunity using the Zeus crimeware.

On 19 March, the company filed a court action using the US Racketeer Influenced and Corrupt Organizations (RICO) Act alleging that 39 individuals - "John Does 1-39" - were responsible for Zeus-based botnets that had stolen an alleged $100 million (£63 million) over the past five years by after infecting 13 million PCs.

By 23 March, the company's Digital Crimes Unit, the Information Sharing and Analysis Center (FS-ISAC) and the Electronic Payments Association NACHA, launched 'Operation b71', physically seizing hosted servers allegedly used as command and control for the bots, gathering further evidence against the accused.

"We don't expect this action to have wiped out every Zeus botnet operating in the world. However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time," said Microsoft in an official statement.

In addition to Zeus, botnets built using the related SpyEye and Ice-IX variants were also disrupted, Microsoft said.

The action is only the latest in a long line stretching back years that have seen Microsoft and its Digital Crimes Unit become perhaps the most successful anti-cybercrime organisation on the planet, harnessing local laws, trade bodies and the security industry itself to counter a digital crimewave.

The most action significant in recent times was against the infrastructure behind the Rustock botnet in March 2011, which immediately cut global spam levels. In addition to similar campaigns against Waledec and last summer's anti-Kelihos operation, this has helped reduce the volume of spam circulating on the Internet almost back to levels last seen some years ago.

What of Zeus and why has it become so significant? The simplest answer to this is probably that it is the first banking malware to be turned into what is termed 'crimeware', that is a featured crime platform sold to criminals across the world. That has fuelled its popularity and success.

Any action that removes some of the infrastructure will have a short-term impact on its activity but the biggest blow is simply that someone, anyone, has done something. Cybercriminals profiting from effective but common malware such as Zeus have acted in the knowledge that they will probably get away with their crimes. As of today, that assumption might not be as secure.

Microsoft started offering access for third parties to its anti-botnet system in January this year.

More about CHAICOMicrosoftTechnology

ARN Directory | Distributors relevant to this article

Comments

Comments are now closed

 
Computerworld
CIO
Techworld
CMO

Latest News

02:52PM
Queensland Government appoints Interactive Intelligence to ICT Service Panel
02:19PM
More than 200 Aussie Apple fanatics hire minions to stand in line for iPhone 6
12:59PM
Former Microsoft exec named CEO of Australian bar tab start-up
11:46AM
Qlik launches self service Business Intelligence tool for enterprise
More News
18 Sep
National Data Centre Roadshow - Canberra
18 Sep
How the shift to subscription-based licensing is introducing new risks that ever...
29 Sep
Vendor and Supplier Management Workshop
30 Oct
Ovum 2020 Telecoms Summit
View all events