Microsoft leads seizure of Zeus-related cybercrime servers
The company said it has shut down several botnets that stole an estimated US$100 million over five years
IDG News Service - Microsoft said on Monday that it and several partners had disrupted a number of cybercrime rings that used a notorious piece of malicious software called Zeus to steal US$100 million over the last five years.
The company said a consolidated legal case has been filed against those allegedly responsible that for the first time applies the Racketeer Influenced and Corrupt Organizations (RICO) Act.
Zeus has been a thorn in the side for financial institutions due to its stealthy nature and advanced spying capabilities that center around stealing online banking and e-commerce credentials for fraud.
According to a complaint filed under seal on March 19 in the U.S. District Court for the Eastern District of New York, Microsoft accused the defendants of infecting more than 13 million computers and stealing more than US$100 million over the last five years.
The civil complaint lists 39 "John Doe" defendants, many of whom are identified only by online nicknames, such as "Gribodemon" and "Harderman."
It marks the latest action led by Microsoft against botnet operators. The company has gone to court before to gain permission to take control over domain names associated with the command-and-control infrastructure of botnets such as Kelihos, Rustock and Waledac.
The company has also initiated civil proceedings against unnamed operators but has had little success due to jurisdiction issues.
Mark Debenham, senior manager of investigations for Microsoft's Digital Crimes Unit, said the creators of Zeus -- as well as related malware such as SpyEye and Ice-IX -- sold "builder kits" to other would-be cybercriminals. Simple versions sold for as little as $700, while more advanced versions could cost $15,000 or more, according to Debenham's affidavit.
Microsoft also said this is the first time other parties have joined it as a plaintiff in a botnet case. The other plaintiffs are the Financial Services Information Sharing and Analysis Center, a nonprofit security organization, and the National Automated Clearing House Association (NACHA).
NACHA oversees the Automated Clearing House system (ACH), a widely used but aging system that financial institutions rely on to exchange details of direct deposits, checks and cash transfers made by businesses and individuals. It has been heavily targeted by Zeus.
In a single day in August 2011, 167 million phishing emails purported to be from NACHA were sent, according to a sworn affidavit included in the court documents from Pamela Moore, senior vice president of administrative services and NACHA's CFO. Those emails tried to entice victims into clicking links that led to malicious servers which would then install Zeus, she testified.
On a normal day, NACHA would only send out about 1,500 legitimate messages.
"The Zeus botnets have caused, and continue to cause, extreme damage to NACHA and its members, which, if allowed to continue, will be compounded as the case proceeds," Moore testified.
The court granted Microsoft and its partners permission to seize servers located in Scranton, Pennsylvania, and Lombard, Illinois, on Friday. Microsoft has also taken control of 800 domains that are part of Zeus' infrastructure in an attempt to completely wrest control of the networks from their operators.
Microsoft said the action resulted in the disruption of several Zeus botnets, and it would now work to identify and notify people whose computers are infected with the malicious software. Also contributing to the action were Finnish security vendor F-Secure and Kyrus Tech, a security company.