
Microsoft takes down C&C servers to disrupt Zeus

Banking malware 'a growing threat', as new variant of Zeus is detected

Microsoft has disrupted a series of botnets including Zeus.

According to a statement by Richard Domingues Boscovich, senior attorney at Microsoft's Digital Crimes Unit, Microsoft and its partners filed a suit on 19 March against 'John Does 1-39', asking the court for permission to sever the command and control (C&C) structures of these Zeus botnets.

The C&Cs were located in Scranton, Pennsylvania and Lombard, Illinois; Microsoft said it was currently monitoring 800 domains secured in the operation.

Boscovich said the "valuable evidence gained in the operation" will be used to identify and recover infected users, undermine the organisation behind it and identify those responsible.

He said: “Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets.

“Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cyber criminal organisation that relies on these botnets for illicit gain.”

He also said he did not expect this action to have wiped out every Zeus botnet, but to disrupt some of the most harmful botnets, which will "significantly impact the cyber criminal underground for quite some time".

The takedown was operated by Microsoft's Project MARS (Microsoft Active Response for Security) initiative – a joint effort between Microsoft's Digital Crimes Unit, Malware Protection Center, Support and the Trustworthy Computing team, as well as NACHA, The Electronic Payments Association, Kyrus Tech, F-Secure and the Information Sharing and Analysis Center.

Greg Garcia, a spokesperson for the three major financial industry associations that worked with Microsoft on this initiative, said: “As crimes against banks and their customers move from stick-ups to mouse clicks, we're also using our own mouse clicks, as well as the law, to help protect consumers and businesses. Disrupting the Zeus botnets is just one strike in our long-term commitment to help defend and protect people.”

Michael Tanji, chief security officer of Kyrus Tech, who helped analyse the Zeus malware and determine which botnets were the most dangerous, said: “We are proud to have played a part in this groundbreaking effort and hope that others will start working together to combat malicious activity at the same scale as it is being perpetrated.”
