(LiveHacking.Com) – Microsoft is no stranger to fighting botnets. Over the last eighteen months it has led a variety of operations (b49, b107 and b79) to dismantle botnets used to conduct criminal activities including spamming, click fraud and malware distribution. This week, together with partners in the financial services industry, Microsoft led Operation b71, a new action to disrupt Zeus (Win32/Zbot) botnets.
Zeus botnets are complex, and Microsoft has not been able to shut down every botnet in existence (nor was that its goal); however, Microsoft expects that Operation b71 will significantly impact the cybercriminals’ operations and infrastructure. Operation b71, which targeted the command and control infrastructure of various botnets using the Zbot, SpyEye and Ice IX variants of the Zeus family of malware, was carried out by Microsoft together with the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Electronic Payments Association (NACHA), Kyrus Tech and F-Secure.
After months of investigation and a successful pleading before the U.S. District Court for the Eastern District of New York, there was a coordinated seizure of command and control servers in Scranton, Penn., and Lombard, Ill., which hosted some of the worst known Zeus botnets. This disrupted the botnets and yielded valuable evidence and intelligence.
The Zeus malware uses keylogging to record a victim’s keystrokes to monitor online activity and gain access to usernames and passwords in order to steal a victim’s identity, take money from their bank accounts and make online purchases.
“Zeus is especially dangerous because it is sold in the criminal underground as a crimeware kit, which allows criminals to set up new command and control servers and create their own individual Zeus botnets. These crimeware kits sell for anywhere between $700 to $15,000, depending on the version and features of the kit. Overall, Microsoft has detected more than 13 million suspected infections of this malware worldwide, with more than 3 million in the United States alone,” wrote Richard Domingues Boscovich, Senior Attorney, Microsoft Digital Crimes Unit.
The operation culminated in the physical seizure of command and control servers. Representatives from Microsoft, FS-ISAC and NACHA were escorted by U.S. Marshals during the operation. Microsoft also currently monitors 800 domains secured in the operation, which helps it identify thousands of Zeus-infected computers.
“We don’t expect this action to have wiped out every Zeus botnet operating in the world. However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time,” added Boscovich.