
Microsoft Seizes Two Zeus Botnet Server Command Stations

Source: Microsoft | 17 comments

Two Zeus botnet command and control stations were seized by Microsoft on Friday.

On Sunday Microsoft sent out a press release announcing that -- with the collaboration of the financial services industry -- it successfully executed a coordinated global attack against some of the most harmful Zeus botnets on the planet. The raid was conducted at two nondescript office buildings in Scranton, Pa., and Lombard, Ill. on Friday by Microsoft's legal team and technical personnel. They were accompanied by United States marshals with a warrant in hand.

Microsoft said the raids were made possible through a successful pleading before the U.S. District Court for the Eastern District of New York (Case No. CV 12-1335 (CBA)). Because these Zeus botnets were used to steal personal information, FS-ISAC and NACHA joined Microsoft as plaintiffs in the civil suit, and Kyrus Tech Inc. served as a declarant in the case. Other organizations, including F-Secure, also provided supporting information for the case. The resulting warrant allowed Microsoft and its partners to conduct a coordinated seizure of command and control servers running some of the most damaging Zeus botnets.

"With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims," said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit. "The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come."

Before shutting the command and control servers down, Microsoft and the U.S. Marshals collected virtual evidence to be used against the "John Doe" individuals behind the botnets. They also nuked two IP addresses used by the Zeus command and control structure, and took control of 800 domains which will be monitored to identify thousands of computers infected by the Zeus malware.

Is this the end of Zeus? Far from it. Microsoft had no intention of shutting down the entire Zeus botnet ecosystem. Instead, the raid is expected to damage the cybercriminals' operations and infrastructure. It's also expected to help victims regain control of their PCs while accelerating further investigations against those responsible for the Zeus botnet. In other words, Microsoft wants to catch them in the act, and the raid on Friday provided evidence leading it closer to the Zeus Botnet King. Boscovich himself even said the sweep was meant to send a message to the criminals behind the botnet operation: Microsoft is on the prowl.

"As with its previous botnet operations, Microsoft will now use the intelligence gained from this operation to partner with Internet service providers and Community Emergency Response Teams around the world to help rescue people’s computers from the control of Zeus, helping to reduce the size of the threat that these botnets pose and to help make the Internet safer for consumers and businesses worldwide," the company said on Monday. "Together, these aspects of the operation are expected to undermine the criminal infrastructure that relies on these botnets every day to make money and to help provide new tools for the industry to work together to proactively fight cybercrime."

Boscovich, a former federal prosecutor, previously handled drug, computer and financial crime cases in Miami before taking the role of senior attorney for the Microsoft Digital Crimes Unit. The raid is reportedly his "brainchild," as he came up with the idea of arguing before the court that the hackers behind the Zeus botnet were violating Microsoft’s trademarks through the fake e-mails they used to spread their malicious software. Clever.

Microsoft uploaded an awesome video covering the actual raids here.

Comments
  • 15
    LuckyDucky7 , March 27, 2012 3:38 AM
    Quote:
    The raid is reportedly his "brainchild," as he came up with the idea to argue with the court that the hackers behind the Zeus botnet were violating Microsoft’s trademarks through fake e-mails they used to spread their malicious software. Clever.

    So we're going after Al Capone on tax evasion?
    Hey, if it works...
  • 7
    A Bad Day , March 27, 2012 3:57 AM
    Give them a week. They'll be back at 90% operation.

    I wonder what law enforcement would do if the operators of the botnet lived in an uncooperative country, such as Russia, or a 3rd world country such as Somalia?
  • -5
    kinggraves , March 27, 2012 5:04 AM
    Since when did Microsoft become a police force?

    This is "US Marshals were accompanied by Microsoft", not vice versa. Microsoft does not have the legal jurisdiction to execute search and seizure, make an arrest, use a firearm without proper training, or anything else related. They maybe helped gather some evidence then tagged along for publicity.
  • 7
    noidis , March 27, 2012 8:13 AM
    People are blowing this way out of proportion. I'm glad that the gov is realizing it needs help to deal with cyber criminals. Seriously, how much would they have done had Microsoft not sent people to tag along?

    Cooperation, while it's a scary concept, is the only way to get these parasites in jail.
  • 6
    Anonymous , March 27, 2012 8:40 AM
    What this tells me is not that MS is above the law, or is the law but that the US Law Enforcers /Government agencies are too incompetent to deal with the Zeus bots themselves, so have to rely on MS.

    How long before the US Gov starts paying MS to protect its Defence networks?
  • -5
    Hypertraxx , March 27, 2012 9:38 AM
    Oke, good dog. Now start improve Windows 8 by removing all the metro crap for pc's. O and make me a start button.
  • 5
    back_by_demand , March 27, 2012 1:29 PM
    Quote (A Bad Day):
    Give them a week. They'll be back at 90% operation. I wonder what would the law enforcement do if the operators of the botnet lived in an uncooperative country, such as Russia, or a 3rd world country such as Somali?

    Worst case scenario for the Zeus people is that local law enforcement do the raids, in which case torture and death is the likely outcome.
  • 0
    svdb , March 27, 2012 4:38 PM
  • 1
    TeraMedia , March 27, 2012 4:55 PM
    @A Bad Day: The US Navy would say, "We have an App for that..."

    You can't arrest them if their office / home / bunker gets demo'ed by a 500 lb-er. But I suspect such an approach would be reserved for the true "Bot King", and not for his underlings.
  • -1
    dalethepcman , March 27, 2012 5:28 PM
    Quote (Zingam):
    "The raid was conducted at two nondescript office buildings in Scranton, Pa., and Lombard, Ill. on Friday by Microsoft's legal team and technical personnel. They were accompanied by United States marshals with a warrant in hand." Wow? Seriously, is Microsoft above law enforcement agencies? Is Microsoft above the law? Is Microsoft the Law? Does Microsoft own the Police?

    Everyone knows US marshals have computer experts to rival Microsoft that can tell which servers need to be taken down, even though Microsoft provided most of the evidence for this case.

    Stupid troll is stupid...
  • 0
    dextermat , March 27, 2012 7:39 PM
    So that's two down, a million to go.....

    Just like war against drugs.... completely useless
  • 2
    f-14 , March 27, 2012 7:40 PM
    Quote (greyiago):
    Put your finger in the dam, Microsoft. All you're doing is chasing your tail. Come up with real software solutions to prevent this, not running around getting publicity and playing law man. With the source out there, you won't ever see the end of Zeus.

    Do you think the inventor of the wheel, however he feels about people using them in war machines to kill other people, was supposed to put preventions in place so that it couldn't be used against him or others?
    Shoot the hackers for doing the wrong.
    You can't stop bad people from doing bad things, nor can you stop stupid people from doing bad things; if everything in this world was designed to prevent this there would be absolutely ZERO progress. It is far easier and better to round up those people and put them in places where they learn what happens if they do bad, or are prevented from doing bad.
    This is why we don't put compulsive button-pushing freaks in nuclear power plants, or make serial killers judges, or let people with diabetes, heart conditions or seizures drive bus loads full of people.
    If you're a hacker and you find a security problem, instead of being bad and exploiting it, try fixing it and then showing the company the problem and offer them the fix for a nominal fee you feel is worthy of your time and expertise and the seriousness of the problem, and if you and the company don't agree, that's what the word negotiation was made for!
    I have no problems or sympathy sitting on a jury for these clowns and giving them prison for life, but if I find out they caused some little old lady or grandpa to lose enough money that they couldn't afford their heart medicine and died, I have no problem condemning these hacks to death.
  • 0
    A Bad Day , March 27, 2012 9:18 PM
    Quote (jacekring):
    Agreed if they live in Russia and the Russians agree to arrest them. They will be F'd, the Russian police pull people out of cars and beat them before arresting them.

    "I pay you $20,000, you agree that nothing happened."

    Quote (Zingam):
    Somalia? Are you serious? News flash: "Pirates turned Hackers"

    News flash: Congress declares War on Hackers after being egged on by software companies, Literally.
  • 2
    AidanJC , March 27, 2012 11:39 PM
    Quote (Hypertraxx):
    Oke, good dog. Now start improve Windows 8 by removing all the metro crap for pc's. O and make me a start button.

    Perhaps a spell check integrated into YOUR browser would help more?
  • 0
    Anonymous , April 1, 2012 4:47 AM
    Microsoft is just covering its butt. These "bots" use backdoors that Microsoft put in for spying on users. They were forced to; that's why Bill Gates stepped down from Microsoft after a series of "meetings" with certain government intelligence agencies. He didn't want to be part of the mess when it gets exposed.
    Just thinking..........