
Microsoft leads Zeus botnet takedown

Servers running in Pennsylvania and Illinois seized in blow to banking malware family

By Vinod

Microsoft says it has dealt a major blow to criminals running online fraud and identity theft operations, by shutting down botnets that push the Zeus family of malware that targets financial institutions.

The Redmond giant says that it teamed up with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and Kyrus Tech, a vendor of digital forensics and penetration testing services, during the operation.

Richard Boscovich, a senior attorney in Microsoft’s Digital Crimes Unit, said the shutdown was made possible after a court in New York gave the company the authority to launch a coordinated seizure of command and control servers running Zeus malware. The servers were grabbed from Scranton, Pennsylvania and Lombard, Illinois.

The seizure also provided Microsoft with plenty of other intelligence, including two IP addresses behind the Zeus ‘command and control’ structure and 800 domains, which Microsoft will use to help identify thousands of Zeus-infected computers, said Boscovich.

"With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims," added Boscovich in a statement.

"The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come."

He did however add that this operation is unlikely to have shut down every Zeus botnet.


The investigation that led to this operation also revealed plenty of details about how the Zeus family of malware works. According to Microsoft, the malware can monitor a victim’s online activity and automatically start keylogging to capture any information entered when the victim accesses a financial or eCommerce website. This information can then be used in identity theft or banking fraud.

Zeus is one of the most prevalent malware families around; Microsoft claims to have spotted 13 million suspected infections of it around the world.

One of the reasons it has spread so far and wide is how easy it is to get hold of. Microsoft says that it is sold in the criminal underground as a crimeware kit, meaning anyone can buy it and launch their own Zeus botnet. These crimeware kits sell for anywhere between $700 to $15,000, depending on the version and features of the kit, Boscovich added.

Microsoft previously helped shut down the Kelihos, Rustock and Waledac botnets. The takedowns were all part of its Project MARS (Microsoft Active Response for Security), which aims to disrupt botnets and help victims regain control of their infected computers.
