Microsoft claims to take down Zeus

March 23, 2012: Digital forensic examiner Ashim Kapur disables a computer running the Zeus botnet in Scranton, PA. (Microsoft/YouTube)

This software giant may have crooks doing hard time.

Microsoft’s Digital Crimes Unit (DCU) was behind what the company called an unprecedented takedown of command-and-control servers powering some of the worst known cybercrime operations today, the Windows giant said late Sunday night. The “Zeus” family of malware is responsible for a large portion of online fraud and identity theft, the company said.

Office buildings in Illinois and Pennsylvania were raided by U.S. Marshals on Friday, accompanied by Microsoft investigators. Microsoft was supported by financial services security firms, including the Electronic Payments Association and the Financial Services - Information Sharing and Analysis Center (FS-ISAC).

Computers seized at the sites were running the Zeus malware, which uses a “keylogger” to record a victim’s every keystroke, according to a legal complaint published online Saturday. The malware monitored online activity in order to capture usernames and passwords, which the operators then used to steal victims’ identities, withdraw money from their bank accounts and make online purchases.

“Cybercriminals have built hundreds of botnets using variants of Zeus malware,” Richard Domingues Boscovich, a senior attorney with Microsoft’s Digital Crimes Unit, said in a blog post. Zeus crimeware kits sell for anywhere between $700 and $15,000, he said, and Microsoft has detected more than 13 million suspected infections worldwide.

“We have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time,” Boscovich said.

The legal complaint names 39 “John Does” -- unidentified people known only by hacker handles such as Pepsi, MaDaGaSka, virus_e_2003, and h4x0rdz -- and accuses them of controlling the botnets and thereby injuring the plaintiffs and their customers and members.

“In the past, crime against banks and against people was with stickups. Now it’s with mouse clicks,” said Greg Garcia, former DHS cyber chief, in a video Microsoft released announcing the raids.

Graham Cluley, an analyst with security firm Sophos, said Monday he has yet to see any impact on world cybercrime from the raids.

“So far, SophosLabs hasn't seen any evidence of significant disruption to Zeus' activities through Microsoft's action.” He noted that this takedown would not affect other active botnets. Cluley was nonetheless supportive of catching cybercrooks.

“I don't care if Microsoft doesn't have entirely altruistic motivation for bringing down the bad guys -- I'm just glad that they are actively pursuing those responsible for organized cybercrime, and trying to make the Internet safer,” he wrote.

This is the fourth high-profile takedown operation in Microsoft’s Project MARS (Microsoft Active Response for Security) initiative, a joint effort between the DCU, the Microsoft Malware Protection Center (MMPC), Microsoft Support and the Trustworthy Computing team to disrupt botnets and begin to undo the damage they cause by helping victims regain control of their infected computers, Microsoft said.