Microsoft takes down botnets of online banking thieves

By Antone Gonsalves on Mar 27, 2012 8:28 AM
Filed under Security

Zeus family disrupted.

Microsoft has taken down a number of malware-spreading botnets that infected millions of computers worldwide and stole more than $US100 million ($A95 million) from financial institutions and other businesses.

Under the escort of US Marshals and with a warrant from a federal judge, Microsoft and two other co-plaintiffs in a lawsuit against the unidentified botnet operators seized command-and-control servers in two US locations. A federal court in New York granted permission for the seizure, which included taking control of 800 domains used in the criminal network.

According to court papers, Microsoft disrupted a botnet of 13 million computers, including 3 million in the US, that spread the Zeus family of malware, which includes the SpyEye and Ice-IX variants. The malware tracks a computer user's online activity and records keystrokes so that it can steal the user name and password when a victim visits an online banking site.

The Zeus-related malware has caused more than a half-billion dollars in damages to businesses, according to Microsoft. The botnets taken down Friday following a month-long investigation stole more than $100 million over the last five years.

"With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims," Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, said.

"The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come."

In shutting down the malware networks, Microsoft invoked the Racketeer Influenced and Corrupt Organisations Act for the first time. The RICO act is used in cases against organised crime. While no arrests have been made, Microsoft and the other plaintiffs believe an organisation of criminals is behind the botnets.

Joining Microsoft in the civil suit that led to the seizures were the Financial Services Information Sharing and Analysis Centre, a nonprofit formed by financial institutions to fight cybercrime, and the NACHA Electronics Payments Association, which manages the network for electronic payments, such as direct deposits and funds transfers.

The latest operation was the fourth high-profile botnet takedown led by Microsoft's Project MARS (Microsoft Active Response for Security) initiative. The previous operation shuttered the Kelihos botnet, which at its peak commandeered 41,000 computers and distributed more than 3.8 billion spam messages a day.

This article originally appeared at crn.com

 

Copyright © 2014 The Channel Company, LLC. All rights reserved.
