Microsoft, along with Kyrus Tech Inc and some of the leaders of the financial services industry, managed to deliver a blow to a few cybercriminal organizations by disrupting the activities of a number of botnets which relied on the infamous Zeus Trojan.
The Redmond company’s representatives state that they’re aware of the fact that the botnets are not completely shut down, but they’re highly confident that the impact on the activities of the cybercriminals that operated them is considerable.
Dubbed Operation b71, the action focused mainly on botnets that used pieces of malware such as Zeus, SpyEye and Ice IX, which are known for being designed to steal financial information from the owners of the computers they infect.
These pieces of malware rely on a technique called keylogging, which enables them to record every keystroke in search of sensitive information such as usernames, passwords and any other data that could allow the cybercriminals to gain access to bank accounts.
“We don’t expect this action to have wiped out every Zeus botnet operating in the world. However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time,” said Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit.
On March 19, 2012, Microsoft filed a lawsuit against 39 individuals and on March 23, with the aid of US Marshals, they physically seized the command and control servers from two locations. The confiscated servers store large amounts of information that can be used against the suspects in a court of law.
“We took down two IP addresses behind the Zeus ‘command and control’ structure. Microsoft also currently monitors 800 domains secured in the operation, which helps us to identify thousands of Zeus-infected computers,” Boscovich added.
Other organizations that participated in the operation include the Financial Services – Information Sharing and Analysis Center (FS-ISAC), NACHA – The Electronic Payments Association, and F-Secure.
Here's a video made by Microsoft in which the operation is detailed: