Microsoft takes down botnets of online banking thieves

By Antone Gonsalves on Mar 27, 2012 8:28 AM
Filed under Security

Zeus family disrupted.

Microsoft has taken down a number of malware-spreading botnets that infected millions of computers worldwide and stole more than $US100 million ($A95 million) from financial institutions and other businesses.

Under the escort of US Marshals and with a warrant from a federal judge, Microsoft and two other co-plaintiffs in a lawsuit against the unidentified botnet operators seized command-and-control servers in two US locations. A federal court in New York granted permission for the seizure, which included taking control of 800 domains used in the criminal network.

According to court papers, Microsoft disrupted a botnet of 13 million computers, including 3 million in the US, that spread the Zeus family of malware, including the SpyEye and Ice-IX variants. The malware tracks a computer user's online activity and records keystrokes, so it can steal the user name and password when a victim visits an online banking site.

The Zeus-related malware has caused more than a half-billion dollars in damages to businesses, according to Microsoft. The botnets taken down Friday following a month-long investigation stole more than $100 million over the last five years.

"With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims," Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, said.

"The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come."

In shutting down the malware networks, Microsoft invoked the Racketeer Influenced and Corrupt Organisations Act for the first time. The RICO act is used in cases against organised crime. While no arrests have been made, Microsoft and the other plaintiffs believe an organisation of criminals is behind the botnets.

Joining Microsoft in the civil suit that led to the seizures were the Financial Services Information Sharing and Analysis Centre, a nonprofit formed by financial institutions to fight cybercrime, and the NACHA Electronics Payments Association, which manages the network for electronic payments, such as direct deposits and funds transfers.

The latest operation was the fourth high-profile botnet takedown led by Microsoft's Project MARS (Microsoft Active Response for Security) initiative. The previous operation shuttered the Kelihos botnet, which at its peak commandeered 41,000 computers and distributed more than 3.8 billion spam messages a day.

Copyright © 2014 The Channel Company, LLC. All rights reserved.