Reports indicate that Microsoft, with an escort of U.S. Marshals, seized control of command and control servers on Friday in two states in America. The seizures are part of an ongoing campaign by Microsoft to take down botnets involving 13 million computers infected with the Zeus malware.
Microsoft announced last night that “some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide.”
They added, “In our most complex effort to disrupt botnets to date, Microsoft’s Digital Crimes Unit – in collaboration with Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association, as well as Kyrus Tech Inc. – has executed a coordinated global action against some of the worst known cybercrime operations fueling online fraud and identity theft today. With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry operation against this cybercriminal organization.”
The court’s seizure order said, “The United States Marshals and their deputies shall be accompanied by plaintiffs’ attorneys and forensic experts at the foregoing described seizure, to assist with identifying, inventorying, taking possession of, and isolating defendants’ computer resources, command and control software, and other software components that are seized.”
It also stated that the U.S. Marshals would hold up to four hours of internet traffic before disconnecting the computers from the internet. Microsoft filed suit against 39 unnamed defendants with nicknames such as iceIX, Veggi Roma, susanneon, JabberZeus Crew, and h4x0rdz.
We have reported on similar events before as Microsoft try to clamp down on bot attacks. The Zeus malware is very serious because it can run in the background of an infected computer, logging keystrokes and allowing the hackers to transfer money from bank accounts and engage in identity theft. Taking down the command and control servers is important because they run the networks of infected machines, which are called ‘botnets’.
Microsoft have already targeted the Waledac, Rustock and Kelihos botnets. Microsoft said, “Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets. Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cybercriminal organization that relies on these botnets for illicit gain.”
Microsoft are taking the matter seriously, saying, “Zeus is especially dangerous because it is sold in the criminal underground as a crimeware kit, which allows criminals to set up new command and control servers and create their own individual Zeus botnets. These crimeware kits sell for anywhere between $700 to $15,000, depending on the version and features of the kit.”