Microsoft takes down Zeus botnets

In what it describes as its ‘most complex effort to disrupt botnets to date’, Microsoft has helped seize hundreds of web addresses to shut down several Zeus-based botnets.

On Friday, US marshals raided addresses in Pennsylvania and Illinois to shut down severs and gather evidence, as part of a civil suit brought by Microsoft. Microsoft’s been able to take this step by arguing that the botnet operators have been violating its trademarks and damaging its reputation. It’s the fourth big take-down for the company.

“Valuable evidence and intelligence gained in the operation will be used both to help rescue peoples’ computers from the control of Zeus, as well as in an ongoing effort to undermine the cybercriminal organization and help identify those responsible,” says Richard Domingues Boscovich, senior attorney in Microsoft Digital Crimes Unit.

Microsoft says its detected more than 13 million suspected infections of Zeus worldwide, with more than three million in the US alone.

“Zeus is especially dangerous because it is sold in the criminal underground as a crimeware kit, which allows criminals to set up new command and control servers and create their own individual Zeus botnets,” says Boscovich.

“These crimeware kits sell for anywhere between $700 to $15,000, depending on the version and features of the kit.”

Microsoft says that, while the action won’t wipe out every Zeus botnet in the world, it has disrupted some of the most harmful ones. It says it should have a significant impact on cybercriminals for quite some time to come.

“Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets,” says Boscovich.

“Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cybercriminal organization that relies on these botnets for illicit gain.”