Microsoft and Partners Disrupt Massive Zeus Cybercrime Operation that Fuels Worldwide Fraud and Identity Theft

Microsoft, in collaboration with the financial services industry, including the Financial Services - Information Sharing and Analysis Center (FS-ISAC) and NACHA - The Electronic Payments Association, as well as Kyrus Tech Inc., announced that it has successfully executed a coordinated global action codenamed "Operation b71" to disrupt some of the worst known botnets using variants of the notorious Zeus malware (detected as Win32/Zbot, Spyeye and Ice IX).

"Due to the complexities of these targets, unlike Microsoft's prior botnet operations, the goal of this action was not the permanent shutdown of all impacted Zeus botnets. However, this action is expected to significantly impact the cybercriminals' operations and infrastructure, advance global efforts to help victims regain control of their infected computers and also help further investigations against those responsible for the threat," said Richard Domingues Boscovich, Senior Attorney, Microsoft Digital Crimes Unit.

The Zbot/Zeus threat has targeted the financial sector for quite some time.

"On March 23, we took down two IP addresses behind the Zeus 'command and control' structure. Microsoft also currently monitors 800 domains secured in the operation, which helps us to identify thousands of Zeus-infected computers," the company posted.

Richard notes, "Zeus malware uses a tactic called 'keylogging,' which records a person's every computer keystroke to monitor online activity and gain access to usernames and passwords in order to steal victims' identities, withdraw money from their bank accounts and make online purchases."

"Microsoft researchers found that once a computer is infected with Zeus, the malware automatically starts keylogging when a person types in the name of a financial or e-commerce institution, allowing criminals to gain access to people's online accounts from that point forward," blogged Richard.

"Zeus is especially dangerous because it is sold in the criminal underground as a crimeware kit, which allows criminals to set up new command and control servers and create their own individual Zeus botnets. These crimeware kits sell for anywhere between $700 and $15,000, depending on the version and features of the kit," said Richard.

Overall, Microsoft has detected more than 13 million suspected infections of this malware worldwide, with more than 3 million in the United States alone.

Microsoft has documented the threat in detail in a special Security Intelligence Report whitepaper published in 2010.