Microsoft takes down C&C servers to disrupt Zeus
Banking malware 'a growing threat', as new variant of Zeus is detected
Microsoft has disrupted a series of botnets including Zeus.
According to a statement by Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit, it and partners filed a suit on 19 March against 'John Does 1-39', asking the court for permission to sever the command and control (C&C) structures of these Zeus botnets.
The C&Cs were located in Scranton, Pennsylvania and Lombard, Illinois; Microsoft said it was currently monitoring 800 domains secured in the operation.
Boscovich said the "valuable evidence gained in the operation" will be used to identify and recover infected users, undermine the organisation behind it and identify those responsible.
He said: “Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets.
“Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cyber criminal organisation that relies on these botnets for illicit gain.”
He also said he did not expect this action to have wiped out every Zeus botnet, but to disrupt some of the most harmful botnets, which will "significantly impact the cyber criminal underground for quite some time".
The takedown was operated by Microsoft's Project MARS (Microsoft Active Response for Security) initiative – a joint effort between Microsoft's Digital Crimes Unit, Malware Protection Center, Support and the Trustworthy Computing team, as well as NACHA, The Electronic Payments Association, Kyrus Tech, F-Secure and the Information Sharing and Analysis Center.
Greg Garcia, a spokesperson for the three major financial industry associations that worked with Microsoft on this initiative, said: “As crimes against banks and their customers move from stick-ups to mouse clicks, we're also using our own mouse clicks, as well as the law, to help protect consumers and businesses. Disrupting the Zeus botnets is just one strike in our long-term commitment to help defend and protect people.”
Michael Tanji, chief security officer of Kyrus Tech, who helped analyse the Zeus malware and determine which botnets were the most dangerous, said: “We are proud to have played a part in this groundbreaking effort and hope that others will start working together to combat malicious activity at the same scale as it is being perpetrated.”