Microsoft takes down botnets of online banking thieves


Microsoft has taken down a number of malware-spreading botnets that infected millions of computers worldwide and stole more than $US100 million ($A95 million) from financial institutions and other businesses.

Under the escort of US Marshals and with a warrant from a federal judge, Microsoft and two other co-plaintiffs in a lawsuit against the unidentified botnet operators seized command-and-control servers in two US locations. A federal court in New York granted permission for the seizure, which included taking control of 800 domains used in the criminal network.

According to court papers, Microsoft disrupted a botnet of 13 million computers, including 3 million in the US, that spread the Zeus family of malware, including the SpyEye and Ice-IX variants. The malware tracks a computer user's online activity and records keystrokes, so it can steal the user name and password when a victim visits an online banking site.

The Zeus-related malware has caused more than a half-billion dollars in damages to businesses, according to Microsoft. The botnets taken down Friday following a month-long investigation stole more than $100 million over the last five years.

"With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims," Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, said.

"The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come."

In shutting down the malware networks, Microsoft invoked the Racketeer Influenced and Corrupt Organisations Act for the first time. The RICO act is used in cases against organised crime. While no arrests have been made, Microsoft and the other plaintiffs believe an organisation of criminals is behind the botnets.

Joining Microsoft in the civil suit that led to the seizures were the Financial Services Information Sharing and Analysis Centre, a nonprofit formed by financial institutions to fight cybercrime, and the NACHA Electronics Payments Association, which manages the network for electronic payments, such as direct deposits and funds transfers.

The latest operation was the fourth high-profile botnet takedown led by Microsoft's Project MARS (Microsoft Active Response for Security) initiative. The previous operation shuttered the Kelihos botnet, which at its peak commandeered 41,000 computers and distributed more than 3.8 billion spam messages a day.
