Microsoft and Law Enforcement Hit Zeus Botnet Servers

Monday, March 26, 2012
According to reports, tech giant Microsoft has yet again used the power of the courts to strike at the heart of a massive botnet operation.

Microsoft teamed with a cross-sector coalition of interested parties in instigating the legal and technological assault that resulted in the seizure of multiple command and control servers operating a massive Zeus Trojan botnet.

"In our most complex effort to disrupt botnets to date, Microsoft’s Digital Crimes Unit – in collaboration with Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association, as well as Kyrus Tech Inc. – has executed a coordinated global action against some of the worst known cybercrime operations fueling online fraud and identity theft today. With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry operation against this cybercriminal organization," the Microsoft blog states.

A video related to the actions was also posted on YouTube.

"After a months-long investigation, successful pleading before the U.S. District Court for the Eastern District of New York and a coordinated seizure of command and control servers in Scranton, Penn. and Lombard, Ill., some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide. Valuable evidence and intelligence gained in the operation will be used both to help rescue peoples’ computers from the control of Zeus, as well as in an ongoing effort to undermine the cybercriminal organization and help identify those responsible," the Microsoft blog continued.

Microsoft was also instrumental in the Rustock botnet takedown. In February of 2011, Microsoft provided documentation that detailed the botnet's extensive structure in a federal court filing that was part of a lawsuit against a number of John Doe defendants.

Acting on the information Microsoft provided, federal marshals raided several internet hosting providers across the U.S. in March of 2011, seizing servers suspected of being used as Rustock command and control units.

Microsoft had also played a key role in efforts to shut down the Waledac botnet in 2010, though the operation continued functioning at a diminished capacity for a period, and some researchers believe that the infamous Kelihos botnet may have been another incarnation of the Waledac code.

In September of 2011, Microsoft obtained a court order to force Verisign to pull the plug on twenty-one domains associated with the Kelihos botnet spamming operation, which was believed to be controlling nearly fifty thousand zombie machines.
