Microsoft bests bank-busting botnet

Powered by SC Magazine
 

Zeus command and control knocked out.

Microsoft has dismantled command and control machines that supported one of the most pernicious trojans in existence, responsible for stealing tens of millions of dollars through the keystroke logging of online banking credentials.

The software giant announced as part of a coordinated effort with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association, it has dismantled prominent hubs that provided instructions to machines infected with Zeus and related malware families, including SpyEye.

US Marshals last week led the raid on hosting locations in America where they confiscated command-and-control (C&C) servers and dismantled two IP addresses in the process.

In addition, as a result of the seizure, Microsoft has assumed control of some 800 domains used to host the malware, a process known as sinkholing.

Codenamed "Operation b71," the undertaking relied on obtaining warrants through a lawsuit filed March 19 in US District Court against 39 "John Does" -- the complaint lists only their online aliases – who were believed responsible for running the C&C servers.

Interestingly, in the suit, Microsoft applied the Racketeer Influenced and Corrupt Organisations (RICO) Act, a federal law that extends penalties for those involved in organised crime.

"By incorporating the use of the RICO Act, we were able to pursue a consolidated civil case against everyone associated with the Zeus criminal operation, even if those involved in the 'organisation' were not necessarily part of the core enterprise," wrote Richard Boscovich, senior attorney with the Microsoft Digital Crimes Unit, in a blog post.

Security experts have long considered Zeus to be a criminal enterprise, and Microsoft said it has detected 13 million infections worldwide, with more than three million just in the US.

In addition, opportunistic criminals should have no problems finding exploit toolkits that can be used to fire off the Zeus trojan, especially after its source code was leaked last year.

This is the fourth time Microsoft has taken legal action against the purveyors of botnets. In the past, the company has been successful in taking down or disrupting the Waledac, Rustock and Kelihos networks of zombie computers.

While those botnets largely have gone away, some security experts believe Zeus will be a tougher knock-out.

On Monday, security researcher Aviv Raff tweeted: "Most [of the 800 under Microsoft's control] are old domains, and it's a drop in the ocean in general."

But Boscovich said the operation netted some major players.

"We don't expect this action to have wiped out every Zeus botnet operating in the world," he wrote.

"However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for some time."

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft bests bank-busting botnet
 
 
 
Top Stories
Toll Group to go Google
Poaches Woolworths project manager.
 
How News Corp's CIO tackled skills in his race to the cloud
What to do when your team’s talents are no longer needed.
 
Photos: How Thodey transformed Telstra
From turbulent Trujillo to Australia's leading telco.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Microsoft is offering Azure for Disaster Recovery to Australian SMBs
Feb 10, 2015
If you haven't talked to your IT provider about disaster recovery, it might be worth discussing ...
The 2015 Xero Roadshow is on: here are the locations and dates
Feb 6, 2015
The 2015 Xero Roadshow kicked off this week - see where you can attend at locations around ...
Microsoft Outlook is now on iPhone and iPad: why could this be useful?
Jan 30, 2015
Microsoft today released Office for Android and Outlook for iOS - complementing the other Office ...
Franchisees, here's something you should know about
Jan 23, 2015
You need to know the Code if you are a franchisee or franchisor as the penalties are significant.
Xero users rejoice! Quoting has finally arrived
Jan 23, 2015
It has taken years, but Xero has at last added integrated quoting to its online accounting software.
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  35%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3956

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 1347

Vote