Microsoft bests bank-busting botnet

Powered by SC Magazine
 

Zeus command and control knocked out.

Microsoft has dismantled command and control machines that supported one of the most pernicious trojans in existence, responsible for stealing tens of millions of dollars through the keystroke logging of online banking credentials.

The software giant announced as part of a coordinated effort with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association, it has dismantled prominent hubs that provided instructions to machines infected with Zeus and related malware families, including SpyEye.

US Marshals last week led the raid on hosting locations in America where they confiscated command-and-control (C&C) servers and dismantled two IP addresses in the process.

In addition, as a result of the seizure, Microsoft has assumed control of some 800 domains used to host the malware, a process known as sinkholing.

Codenamed "Operation b71," the undertaking relied on obtaining warrants through a lawsuit filed March 19 in US District Court against 39 "John Does" -- the complaint lists only their online aliases – who were believed responsible for running the C&C servers.

Interestingly, in the suit, Microsoft applied the Racketeer Influenced and Corrupt Organisations (RICO) Act, a federal law that extends penalties for those involved in organised crime.

"By incorporating the use of the RICO Act, we were able to pursue a consolidated civil case against everyone associated with the Zeus criminal operation, even if those involved in the 'organisation' were not necessarily part of the core enterprise," wrote Richard Boscovich, senior attorney with the Microsoft Digital Crimes Unit, in a blog post.

Security experts have long considered Zeus to be a criminal enterprise, and Microsoft said it has detected 13 million infections worldwide, with more than three million just in the US.

In addition, opportunistic criminals should have no problems finding exploit toolkits that can be used to fire off the Zeus trojan, especially after its source code was leaked last year.

This is the fourth time Microsoft has taken legal action against the purveyors of botnets. In the past, the company has been successful in taking down or disrupting the Waledac, Rustock and Kelihos networks of zombie computers.

While those botnets largely have gone away, some security experts believe Zeus will be a tougher knock-out.

On Monday, security researcher Aviv Raff tweeted: "Most [of the 800 under Microsoft's control] are old domains, and it's a drop in the ocean in general."

But Boscovich said the operation netted some major players.

"We don't expect this action to have wiped out every Zeus botnet operating in the world," he wrote.

"However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for some time."

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft bests bank-busting botnet
 
 
 
Top Stories
Windows 10 lands in Australia
Campaign to get business to upgrade kicks off.
 
NSW to build its own myGov
Service NSW digital profiles available by September.
 
Android bug leaves a billion phones open to attack
Hackers only need phone number to target devices.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
The 5 Windows 10 privacy issues you should be aware of
Jul 31, 2015
There are a few unsettling details when it comes to Windows 10 privacy
Windows 10 is here! (For some)
Jul 29, 2015
Delivery of the free upgrade versions of Windows 10 began today - have you got yours yet?
Microsoft reveals Microsoft Send, a new enterprise chat app to rival Slack
Jul 27, 2015
Microsoft Send is MSN Messenger for grownups, and you could be using it at work very soon
Developers offered $500,000 grants to find HoloLens uses
Jul 8, 2015
Can augmented-reality end up in business?
Microsoft Tossup: The planning app for unorganised groups of friends
Jul 8, 2015
App allows friends to research venues, vote on plans and chat. And depending on how you run your ...
Latest Comments
Polls
Should law enforcement be able to buy and use exploits?



   |   View results
Yes
  14%
 
No
  51%
 
Only in special circumstances
  17%
 
Yes, but with more transparency
  18%
TOTAL VOTES: 756

Vote