Microsoft leads strike on Zeus botnets
Microsoft has announced that last week – working closely with US authorities and financial services companies – it disrupted two Zeus botnets.
As part of its campaign against the botnets, Microsoft and US Marshals executed a search of two office buildings in Pennsylvania and Illinois. This resulted in command and control servers being taken offline and helped to secure evidence. At the same time, Microsoft was also able to take control of 800 domains apparently forming part of the botnets. The company, supported by FS-ISAC (Financial Services – Information Sharing and Analysis Center) and NACHA (the Electronic Payments Association), had obtained a court order enabling it to undertake this direct action.
The two botnets were involved in stealing personal financial data and were based on Zeus and the Zeus variants SpyEye and Ice-IX, all of which are spread via spam. Once one of these pieces of malware has infiltrated a computer, it logs keystrokes in order to steal online banking passwords, credit card numbers and other personal information.
In the papers filed in court, Microsoft accuses the bot herders of having caused losses totalling $100 million (about £62.62 million at current exchange rates) over the last five years. It also accuses the people behind the malware of offering it for sale at prices ranging from $700 to $15,000 (£438 to £9,394).
Microsoft believes that 13 million computers are infected with Zeus globally. Whether the US action will have knock-on effects on criminal use of Zeus botnets remains to be seen. The Zeus Tracker project currently lists 358 command and control servers as being online, 25 of which are fully active, with no sign of a significant decrease.
This is not the first time that Microsoft has been involved in officially approved action against botnets and bot herders. Just a few weeks ago it undertook the disruption of the Rustock network, in September 2011 it was involved in shutting down the Kelihos network, and in 2010 it took action against the Waledac network.
Alongside direct operations like this, businesses in general also seem to be gradually showing a broader willingness to take action against botnets and other forms of cyber crime. On Friday, major US ISPs signed up to a code of conduct drawn up by the US Federal Communications Commission. Signatories, which include AT&T, Comcast and Verizon, pledge to better explain the dangers of botnets to their customers and to help them identify and resolve any infections.