
Microsoft takes down C&C servers to disrupt Zeus

Banking malware 'a growing threat', as new variant of Zeus is detected

Microsoft has disrupted a series of botnets including Zeus.

According to a statement by Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit, Microsoft and its partners filed a suit on 19 March against 'John Does 1-39', asking the court for permission to sever the command and control (C&C) structures of these Zeus botnets.

The C&Cs were located in Scranton, Pennsylvania and Lombard, Illinois; Microsoft said it was currently monitoring 800 domains secured in the operation.

Boscovich said the "valuable evidence gained in the operation" will be used to identify and recover infected users, undermine the organisation behind it and identify those responsible.

He said: “Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets.

“Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cyber criminal organisation that relies on these botnets for illicit gain.”

He also said he did not expect this action to have wiped out every Zeus botnet, but to disrupt some of the most harmful botnets, which will "significantly impact the cyber criminal underground for quite some time".

The takedown was operated by Microsoft's Project MARS (Microsoft Active Response for Security) initiative – a joint effort between Microsoft's Digital Crimes Unit, Malware Protection Center, Support and the Trustworthy Computing team, as well as NACHA, The Electronic Payments Association, Kyrus Tech, F-Secure and the Information Sharing and Analysis Center.

Greg Garcia, a spokesperson for the three major financial industry associations that worked with Microsoft on this initiative, said: “As crimes against banks and their customers move from stick-ups to mouse clicks, we're also using our own mouse clicks, as well as the law, to help protect consumers and businesses. Disrupting the Zeus botnets is just one strike in our long-term commitment to help defend and protect people.”

Michael Tanji, chief security officer of Kyrus Tech, who helped analyse the Zeus malware and determine which botnets were the most dangerous, said: “We are proud to have played a part in this groundbreaking effort and hope that others will start working together to combat malicious activity at the same scale as it is being perpetrated.”
