Microsoft bests bank-busting botnet

Powered by SC Magazine
 

Zeus command and control knocked out.

Microsoft has dismantled command and control machines that supported one of the most pernicious trojans in existence, responsible for stealing tens of millions of dollars through the keystroke logging of online banking credentials.

The software giant announced as part of a coordinated effort with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association, it has dismantled prominent hubs that provided instructions to machines infected with Zeus and related malware families, including SpyEye.

US Marshals last week led the raid on hosting locations in America where they confiscated command-and-control (C&C) servers and dismantled two IP addresses in the process.

In addition, as a result of the seizure, Microsoft has assumed control of some 800 domains used to host the malware, a process known as sinkholing.

Codenamed "Operation b71," the undertaking relied on obtaining warrants through a lawsuit filed March 19 in US District Court against 39 "John Does" -- the complaint lists only their online aliases – who were believed responsible for running the C&C servers.

Interestingly, in the suit, Microsoft applied the Racketeer Influenced and Corrupt Organisations (RICO) Act, a federal law that extends penalties for those involved in organised crime.

"By incorporating the use of the RICO Act, we were able to pursue a consolidated civil case against everyone associated with the Zeus criminal operation, even if those involved in the 'organisation' were not necessarily part of the core enterprise," wrote Richard Boscovich, senior attorney with the Microsoft Digital Crimes Unit, in a blog post.

Security experts have long considered Zeus to be a criminal enterprise, and Microsoft said it has detected 13 million infections worldwide, with more than three million just in the US.

In addition, opportunistic criminals should have no problems finding exploit toolkits that can be used to fire off the Zeus trojan, especially after its source code was leaked last year.

This is the fourth time Microsoft has taken legal action against the purveyors of botnets. In the past, the company has been successful in taking down or disrupting the Waledac, Rustock and Kelihos networks of zombie computers.

While those botnets largely have gone away, some security experts believe Zeus will be a tougher knock-out.

On Monday, security researcher Aviv Raff tweeted: "Most [of the 800 under Microsoft's control] are old domains, and it's a drop in the ocean in general."

But Boscovich said the operation netted some major players.

"We don't expect this action to have wiped out every Zeus botnet operating in the world," he wrote.

"However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for some time."

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft bests bank-busting botnet
 
 
 
Top Stories
ATO investigates 25 tech giants in tax hunt
Prepared to take tax evaders to court.
 
Immigration, Customs restructure IT leadership
Customs CIO promoted into transformation role.
 
NBN Co begins FTTB rollout
Will bring service to 6000 apartments.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Franchisees, here's something you should know about
Jan 23, 2015
You need to know the Code if you are a franchisee or franchisor as the penalties are significant.
Xero users rejoice! Quoting has finally arrived
Jan 23, 2015
It has taken years, but Xero has at last added integrated quoting to its online accounting software.
You can now get a no-contract wi-fi tablet from Telstra
Jan 17, 2015
Telstra has began selling wi-fi tablets out of contract without paying extra for cellular ...
Get your business ready for 2015: mobile payments
Jan 2, 2015
These handy apps from MYOB, Xero and others can reduce your administrative load and improve ...
Xero prepares for key feature coming in 2015
Dec 19, 2014
Xero users will be able to track how their business is comparing to other Xero users.
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 2952

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 928

Vote