
Microsoft takes down C&C servers to disrupt Zeus

Banking malware 'a growing threat', as new variant of Zeus is detected

Microsoft has disrupted a series of botnets including Zeus.

According to a statement by Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit, the company and its partners filed a suit on 19 March against 'John Does 1-39', asking the court for permission to sever the command and control (C&C) structures of these Zeus botnets.

The C&Cs were located in Scranton, Pennsylvania and Lombard, Illinois; Microsoft said it was currently monitoring 800 domains secured in the operation.

Boscovich said the "valuable evidence gained in the operation" will be used to identify and recover infected users, undermine the organisation behind it and identify those responsible.

He said: “Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets.

“Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cyber criminal organisation that relies on these botnets for illicit gain.”

He also said he did not expect this action to have wiped out every Zeus botnet, but to disrupt some of the most harmful botnets, which will "significantly impact the cyber criminal underground for quite some time".

The takedown was operated by Microsoft's Project MARS (Microsoft Active Response for Security) initiative – a joint effort between Microsoft's Digital Crimes Unit, Malware Protection Center, Support and the Trustworthy Computing team, as well as NACHA, The Electronic Payments Association, Kyrus Tech, F-Secure and the Information Sharing and Analysis Center.

Greg Garcia, a spokesperson for the three major financial industry associations that worked with Microsoft on this initiative, said: “As crimes against banks and their customers move from stick-ups to mouse clicks, we're also using our own mouse clicks, as well as the law, to help protect consumers and businesses. Disrupting the Zeus botnets is just one strike in our long-term commitment to help defend and protect people.”

Michael Tanji, chief security officer of Kyrus Tech, who helped analyse the Zeus malware and determine which botnets were the most dangerous, said: “We are proud to have played a part in this groundbreaking effort and hope that others will start working together to combat malicious activity at the same scale as it is being perpetrated.”
