Microsoft and Financial Partners Take Down Zeus Botnets

Posted Mar 26, 2012

Microsoft and its financial-services partners have seized two command-and-control servers for the Zeus botnets, which are used for keylogging and accessing sensitive information. Microsoft’s Digital Crimes Unit and several of its financial-services partners coordinated the action against Zeus botnets on March 23rd, shutting down command-and-control servers in Illinois and Pennsylvania.

Microsoft’s partners on this initiative include the Financial Services-Information Sharing and Analysis Center (FS-ISAC), NACHA-The Electronic Payments Association, and Kyrus Tech Inc. The U.S. Marshals escorted Microsoft personnel during the seizure of the hardware at different hosting locations. Unfortunately, several Zeus botnets exist in other parts of the world.

“For this action, code-named Operation b71, we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware,” stated Microsoft’s senior attorney for the Digital Crimes Unit Richard Domingues Boscovich. “Our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cyber-criminal organization that relies on these botnets for illicit gain.”

Microsoft is continuing to monitor 800 domains that are related to the seized servers. Zeus malware uses keylogging to access user names and passwords. Microsoft claims that there have been about 13 million suspected Zeus infections worldwide and 3 million in the U.S.