UPDATED 12:23 EDT / MARCH 27 2012

NEWS

Microsoft Disrupts Major ZeuS Botnet Infrastructure

Last Friday a months-long, Microsoft-led operation came to fruition: the coordinated seizure of ZeuS and SpyEye command-and-control servers at hosting facilities in the United States. This is the latest in a series of Microsoft-led actions against major botnets and spam operations; the previous two were the takedown of the Kelihos botnet and the shutdown of the Rustock spam botnet.

Microsoft can now add the ZeuS botnets to that list, according to a report in The Register. The software giant filed suit against 39 unnamed parties on the preceding Monday (19 March), seeking court authorization to disrupt the ZeuS command-and-control infrastructure; that led to the seizure of servers at hosting facilities in Scranton, Pennsylvania, and Lombard, Illinois.

According to a statement released by Microsoft, this was one of the most complex operations it has undertaken to date:

Cybercriminals have built hundreds of botnets using variants of Zeus malware. For this action – codenamed Operation b71 – we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware, known to cause the most public harm and which experts believe are responsible for nearly half a billion dollars in damages. Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets. Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cybercriminal organization that relies on these botnets for illicit gain.

ZeuS and SpyEye in particular were used to build data-collection botnets that harvest online-banking credentials, which then provide the foundation for large-scale fraud. The kits that let criminals build and operate their own botnets sold on the black market for anywhere from $700 to $15,000, depending on how feature-rich the kit was. As a banking-fraud tool, ZeuS works as a keylogger and spyware: it captures financial information on the infected machine and reports it back to a central server.

Microsoft says it has detected more than 13 million suspected infections worldwide, more than 3 million of them in the US alone. ZeuS is particularly insidious because the higher-priced versions of the kit let criminals set up their own command-and-control servers and run their own independent botnets, which is why there are hundreds of ZeuS botnets rather than one.

With these command-and-control servers out of commission, Microsoft can monitor the traffic from infected machines that still try to reach them (a technique known as sinkholing) and use it to identify infected computers and the domains involved. Given how widely ZeuS has proliferated and how capable it is, more takedowns are likely on the road ahead, especially since a ZeuS variant has appeared that dispenses with central command-and-control servers in favor of a peer-to-peer network, which a server seizure of this kind does not reach.
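One way the sinkhole side of that works, shown here as an added example that is not part of the original article or of Microsoft's operation: the script below parses sinkhole access-log lines for requests aimed at the seized hostnames and builds a per-victim summary (first and last check-in, number of check-ins, which seized domains were contacted) of the kind a notification team would hand to ISPs, plus a per-domain victim count showing how large each botnet behind a seized domain still is. The log format, the hostnames in `SEIZED_HOSTS`, the IP addresses (documentation ranges) and the `/gate.php` check-in path are all constructed assumptions, not details from the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of what a sinkhole's access log might contain once DNS for the
# seized hostnames is pointed at it. Format (assumed, not any real tool's output):
#   <ISO-8601 UTC time> <source IP> <requested host> <method> <path> <status>
# Hostnames are invented; IPs come from RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2012-03-23T14:02:11Z 203.0.113.7 c2-a.example POST /gate.php 200
2012-03-23T14:02:12Z 203.0.113.7 c2-a.example GET /config.bin 200
2012-03-23T14:03:40Z 198.51.100.23 c2-b.example POST /gate.php 200
2012-03-23T14:05:02Z 203.0.113.7 c2-a.example POST /gate.php 200
2012-03-23T14:06:19Z 192.0.2.88 c2-b.example POST /gate.php 200
2012-03-23T14:07:00Z 192.0.2.15 www.example.org GET / 200
2012-03-23T14:08:33Z 198.51.100.23 c2-b.example POST /gate.php 200
this line is malformed and must be skipped, not crash the run
"""

# Assumption: the set of seized C2 hostnames now resolving to the sinkhole.
SEIZED_HOSTS = {"c2-a.example", "c2-b.example"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<host>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def identify_infections(log_text, seized_hosts=SEIZED_HOSTS):
    """Map each source IP that contacted a seized host to a summary of its activity.

    Only requests whose Host header names a seized domain count: the sinkhole may
    also see unrelated traffic (scanners, mis-resolved names), which is ignored.
    """
    victims = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["host"] not in seized_hosts:
            continue
        entry = victims.setdefault(rec["src"], {
            "domains": set(),
            "first_seen": rec["ts"],
            "last_seen": rec["ts"],
            "checkins": 0,
        })
        entry["domains"].add(rec["host"])
        entry["first_seen"] = min(entry["first_seen"], rec["ts"])
        entry["last_seen"] = max(entry["last_seen"], rec["ts"])
        entry["checkins"] += 1
    return victims


def per_domain_counts(victims):
    """Count distinct infected IPs per seized domain (one IP may hit several)."""
    counts = defaultdict(int)
    for entry in victims.values():
        for domain in entry["domains"]:
            counts[domain] += 1
    return dict(counts)


if __name__ == "__main__":
    victims = identify_infections(SAMPLE_LOG)
    for ip, entry in sorted(victims.items()):
        print(ip, sorted(entry["domains"]), entry["checkins"],
              entry["first_seen"].isoformat(), entry["last_seen"].isoformat())
    print(per_domain_counts(victims))
```

The source-IP list is what gets passed to ISPs and CERTs for victim notification; the per-domain count is the metric that tells the operation how much of each botnet the seizure actually reached, and a host that keeps checking in long after the takedown is a machine nobody has cleaned yet.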

Microsoft has done a good job of working with other organizations to keep botnets and Trojan networks in check. For this operation it worked for months with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA (the National Automated Clearing House Association), the US electronic payments association. Also according to The Register, security researchers from F-Secure played a major role in analyzing the malware. During the raids, US Marshals accompanied investigators when they entered the hosting firms to seize the equipment.

It is also worth noting that, according to Microsoft, the hosting providers whose servers were seized were unaware that they were hosting part of a criminal botnet.

 

