The Tech Herald

Microsoft smashes Zeus and SpyEye botnets with giant RICO bat

by Steve Ragan - Mar 26 2012, 19:27

Microsoft did it again. Its Digital Crimes Unit in Redmond, Washington, has used technical monitoring and tracking, along with court-authorized asset seizure, to target botnets driven by Zeus.

In the effort, codenamed Operation b71, Microsoft worked with the Financial Services – Information Sharing and Analysis Center (FS-ISAC), NACHA (the organization that manages the ACH network used by financial institutions everywhere), malware experts from F-Secure, and the U.S. Marshals.

Escorted by the Marshals, Microsoft visited two data centers last Friday, one in Scranton, Pa., and the other in Lombard, Ill., in order to seize command and control (C&C) servers, and take down two IP addresses associated with the Zeus family of botnets, including SpyEye and Ice-IX.

Moreover, Microsoft was given access to 800 domains in order to help identify victims and move the investigation forward. This is the fourth time Microsoft has used the courts to target and take down a massive botnet. Previous actions targeted the Waledac, Rustock and Kelihos botnets.

“With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims,” said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit.

The Zeus botnet, later forked into SpyEye and Ice-IX, is blamed for more than $500 million in fraudulent financial transactions. Since 2007, Microsoft has detected more than 13 million suspected infections of the Zeus malware worldwide, including approximately 3 million computers in the United States alone.

The way Microsoft went about things is what makes the takedown interesting. On March 19, Microsoft filed a suit against John Does 1-39, asking the court for permission to sever the command and control structures of these Zeus botnets.

Given that the organizers behind Zeus operate as an organized group, Microsoft was able to apply the Racketeer Influenced and Corrupt Organizations (RICO) Act in the case as the legal basis for this operation.

“We don’t expect this action to have wiped out every Zeus botnet operating in the world. However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time,” explained Richard Domingues Boscovich, the senior attorney for the MS DCU.

“Cybercriminals are in this for the money and this action was an unprecedented strike against the illicit infrastructure on which they rely. The operation will help further investigations against those responsible for the threat and help us better protect victims.”

Legal documentation in the case can be found at http://www.zeuslegalnotice.com.
