Microsoft battles Zeus botnets
In a blog post this weekend, Microsoft’s Digital Crimes Unit gets into the details of their fourth botnet takedown. With successfully taking down Waledac, Rustock, and Kelihos, they can now add Zeus to the list.
With the posting of a legal notice against 39 John Does, Microsoft is making its arrangements for the legal side of the action. To identify individuals, it has posted the user names of the members it summons to court.
Slavik, Monstr, IOO, Nu11, nvidiag, zebra7753, lexa_Mef, gss, iceIX, Harderman, Gribodemon, Aqua, aquaSecond, it, percent, cp01, hct, xman, Pepsi, miami, miamibc, petr0vich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx1, Daniel Hamza, Danielbx1, jah, Jonni, jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits AND JabberZeus Crew
Back to the tactical side:
On March 23, Microsoft, FS-ISAC and NACHA – escorted by the U.S. Marshals – successfully executed a coordinated physical seizure of command and control servers in two hosting locations to seize and preserve valuable data and virtual evidence from the botnets for the case. We took down two IP addresses behind the Zeus ‘command and control’ structure. Microsoft also currently monitors 800 domains secured in the operation, which helps us to identify thousands of Zeus-infected computers.
We don’t expect this action to have wiped out every Zeus botnet operating in the world. However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time. Cybercriminals are in this for the money and this action was an unprecedented strike against the illicit infrastructure on which they rely. The operation will help further investigations against those responsible for the threat and help us better protect victims.
Read more in the Microsoft Blog.