Microsoft bests bank-busting botnet

Powered by SC Magazine
 

Zeus command and control knocked out.

Microsoft has dismantled command and control machines that supported one of the most pernicious trojans in existence, responsible for stealing tens of millions of dollars through the keystroke logging of online banking credentials.

The software giant announced as part of a coordinated effort with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association, it has dismantled prominent hubs that provided instructions to machines infected with Zeus and related malware families, including SpyEye.

US Marshals last week led the raid on hosting locations in America where they confiscated command-and-control (C&C) servers and dismantled two IP addresses in the process.

In addition, as a result of the seizure, Microsoft has assumed control of some 800 domains used to host the malware, a process known as sinkholing.

Codenamed "Operation b71," the undertaking relied on obtaining warrants through a lawsuit filed March 19 in US District Court against 39 "John Does" -- the complaint lists only their online aliases – who were believed responsible for running the C&C servers.

Interestingly, in the suit, Microsoft applied the Racketeer Influenced and Corrupt Organisations (RICO) Act, a federal law that extends penalties for those involved in organised crime.

"By incorporating the use of the RICO Act, we were able to pursue a consolidated civil case against everyone associated with the Zeus criminal operation, even if those involved in the 'organisation' were not necessarily part of the core enterprise," wrote Richard Boscovich, senior attorney with the Microsoft Digital Crimes Unit, in a blog post.

Security experts have long considered Zeus to be a criminal enterprise, and Microsoft said it has detected 13 million infections worldwide, with more than three million just in the US.

In addition, opportunistic criminals should have no problems finding exploit toolkits that can be used to fire off the Zeus trojan, especially after its source code was leaked last year.

This is the fourth time Microsoft has taken legal action against the purveyors of botnets. In the past, the company has been successful in taking down or disrupting the Waledac, Rustock and Kelihos networks of zombie computers.

While those botnets largely have gone away, some security experts believe Zeus will be a tougher knock-out.

On Monday, security researcher Aviv Raff tweeted: "Most [of the 800 under Microsoft's control] are old domains, and it's a drop in the ocean in general."

But Boscovich said the operation netted some major players.

"We don't expect this action to have wiped out every Zeus botnet operating in the world," he wrote.

"However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for some time."

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft bests bank-busting botnet
 
 
 
Top Stories
Hacks and frauds can't dampen Bitcoin buzz
[Blog post] Enthusiasts meet in Melbourne.
 
Qantas checks in with cloud computing
Impressed with results of public cloud bake-off.
 
Corrupt NSW Education IT contractor jailed
ICAC investigation goes all the way to Long Bay.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Carpet cleaner faces court over online testimonials
Jul 4, 2014
The ACCC has initiated proceedings against A Whistle (1979) Pty Ltd, the franchisor of Electrodry...
You can now get 15GB of free online storage using Microsoft OneDrive
Jun 25, 2014
Cloud storage has reached both the capacity and price where it's a viable alternative to local ...
Another clever trick you can perform with Xero
Jun 25, 2014
Here is another way to reach out to particular subsets of your customers using Xero.
Have a phone, tablet and laptop?
Jun 20, 2014
This new Telstra pre-paid 4G mobile hotspot might be useful if you regularly need to use fast ...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  22%
 
Application integration concerns
  3%
 
Security and compliance concerns
  31%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  24%
 
Lack of stakeholder support
  4%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 498

Vote