The Tech Herald

Microsoft smashes Zeus and SpyEye botnets with giant RICO bat

by Steve Ragan - Mar 26 2012, 19:27


Microsoft did it again. Its Digital Crimes Unit in Redmond, Washington, has used technical monitoring and tracking, along with court-authorized asset seizure, to target botnets driven by Zeus.

In the effort, codenamed Operation b71, Microsoft worked with the Financial Services – Information Sharing and Analysis Center (FS-ISAC), NACHA (the organization that manages the ACH network used by financial institutions everywhere), malware experts from F-Secure, and the U.S. Marshals in order to accomplish its tasks.

Escorted by the Marshals, Microsoft visited two data centers last Friday, one in Scranton, Pa., and the other in Lombard, Ill., in order to seize command and control (C&C) servers, and take down two IP addresses associated with the Zeus family of botnets, including SpyEye and Ice-IX.

Moreover, Microsoft was given access to 800 domains in order to help identify victims and move the investigation forward. This is the fourth time Microsoft has used the courts to target and take down a massive botnet. Previous actions targeted the Waledac, Rustock and Kelihos botnets.

“With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims,” said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit.

The Zeus botnet, later forked into SpyEye and Ice-IX, is blamed for more than $500 million in fraudulent financial transactions. Since 2007, Microsoft has detected more than 13 million suspected infections of the Zeus malware worldwide, including approximately 3 million computers in the United States alone.

The way Microsoft went about things is what makes the takedown interesting. On March 19, Microsoft filed a suit against John Does 1-39, asking the court for permission to sever the command and control structures of these Zeus botnets.

Given that the organizers behind Zeus operate as an organized group, Microsoft was able to apply the Racketeer Influenced and Corrupt Organizations (RICO) Act in the case as the legal basis for this operation.

“We don’t expect this action to have wiped out every Zeus botnet operating in the world. However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time,” explained Richard Domingues Boscovich, the senior attorney for the MS DCU.

“Cybercriminals are in this for the money and this action was an unprecedented strike against the illicit infrastructure on which they rely. The operation will help further investigations against those responsible for the threat and help us better protect victims.”

Legal documentation in the case can be found at
