Microsoft says it has dealt a major blow to criminals running online fraud and identity theft operations, by shutting down botnets that push the Zeus family of malware that targets financial institutions.

The Redmond giant says that it teamed up with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and Kyrus Tech, a vendor of digital forensics and penetration testing services, during the operation.

Richard Boscovich, a senior attorney in Microsoft’s Digital Crimes Unit, said the shutdown was made possible after a court in New York gave the company the authority to launch a coordinated seizure of command and control servers running Zeus malware. The servers were grabbed from Scranton, Pennsylvania and Lombard, Illinois.

The seizure also provided Microsoft with plenty of other intelligence, including two IP addresses behind the Zeus ‘command and control’ structure and 800 domains, which Microsoft will use to help identify thousands of Zeus-infected computers, said Boscovich.

"With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims," added Boscovich in a statement.

"The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come."

He did, however, add that this operation is unlikely to have shut down every Zeus botnet.

The investigation that led to this operation also revealed plenty of details about how the Zeus family of malware works. According to Microsoft, the malware can monitor a victim’s online activity and automatically start keylogging to capture any information used when the victim accesses a financial or eCommerce website. This information can then be used in identity theft or banking fraud.

Zeus is one of the most prevalent malware families around; Microsoft claims to have spotted 13 million suspected infections of it around the world.

One of the reasons it has spread so far and wide is how easy it is to get hold of. Microsoft says that it is sold in the criminal underground as a crimeware kit, meaning anyone can buy it and launch their own Zeus botnet. These crimeware kits sell for anywhere between $700 and $15,000, depending on the version and features of the kit, Boscovich added.

Microsoft previously helped shut down the Kelihos, Rustock and Waledac botnets. The takedowns were all part of its Project MARS (Microsoft Active Response for Security), which aims to disrupt botnets and help victims regain control of their infected computers.