Microsoft takes on Zeus botnets

Microsoft has continued its war on the King of the Botnets, Zeus, by seizing command and control servers under something it has dubbed Operation b71.

Richard Domingues Boscovich, Senior Attorney of Microsoft’s Digital Crimes Unit, wrote on his blog that Redmond has been doing a lot of research into the worst known Zeus botnets and asking the courts to give them a good kicking.

He said that cybercriminals had built hundreds of botnets using variants of Zeus malware. Operation b71 was focused on botnets using Zeus, SpyEye and Ice-IX, which make up the new Olympus of the Zeus family.

Boscovich said that there were some problems with the complexity of these particular targets which meant that, unlike Microsoft’s previous botnet takedown operations, it did not permanently shut them down.

He said the idea was to strategically disrupt operations to limit the threat in order to cause long-term damage to the cybercriminals that use the botnets to make cash.

Zeus malware uses a tactic called keylogging, which records a person’s every computer keystroke to monitor online activity and gain access to usernames and passwords in order to steal victims’ identities.

Microsoft detected more than 13 million suspected infections of Zeus worldwide, with more than 3 million in the United States.

Microsoft filed a suit on 19 March 2012, asking the court for permission to cut the command and control of the Zeus botnets. Redmond used the Lanham Act in order to physically seize servers from hosting providers and preserve evidence. It also used the Racketeer Influenced and Corrupt Organizations (RICO) Act which is normally used for mobsters.

Boscovich said he did not expect to have wiped out every Zeus botnet operating in the world. However, the operation had disrupted some of the most harmful botnets, and he expected it would harm the cybercriminal underground for quite some time.