Microsoft seizes Zeus botnet servers in Illinois, Pennsylvania

By on March 26, 2012, 5:00 PM

In collaboration with the financial services industry and the US government, Microsoft has disrupted another major malware network, seizing command-and-control servers in Scranton, Pennsylvania and Lombard, Illinois on Friday. Microsoft described the undertaking as its most complex effort against botnets to date, since the target was not a single botnet but a family of related malware (Zeus, SpyEye and Ice-IX) used against several industries and said to be responsible for nearly half a billion dollars in damages.

Describing how the malware works, Microsoft said Zeus can monitor a victim's online activity and log keystrokes to capture the credentials for a user's accounts, typically financial ones such as an online bank or store. From there, the criminals can steal the victim's identity, make fraudulent purchases or pursue other schemes. Microsoft reports that since 2007 it has detected over 13 million suspected Zeus infections worldwide, including roughly 3 million in the US alone.

Leading up to last Friday's seizure, Microsoft and its partners filed suit against 39 "John Does", identified only by their online aliases (listed below) and thought to be involved in the Zeus operation. During the seizure, investigators took servers, data and other evidence involved in the case and disabled the two IP addresses behind the command-and-control centers. Microsoft is now monitoring 800 domains secured in the operation, so that infected machines which still try to reach them can be identified and cleaned.

Slavik, Monstr, IOO, Nu11, nvidiag, zebra7753, lexa_Mef, gss, iceIX, Harderman, Gribodemon, Aqua, aquaSecond, it, percent, cp01, hct, xman, Pepsi, miami, miamibc, petr0vich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx1, Daniel Hamza, Danielbx1, jah, Jonni, jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits and the JabberZeus Crew
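The domain monitoring described above works as a sinkhole: once the seized C2 domains resolve to infrastructure the investigators control, any machine that still looks them up identifies itself as infected. The same check can be run inside an organisation against its own DNS query logs. The script below is an added example, not code from the article or from Microsoft's operation; the article does not list the 800 seized domains, so the domain names and the BIND-style query log lines are constructed stand-ins.

```python
"""Sinkhole-style detection of Zeus-infected hosts from DNS query logs.

Added example, not code from the article or from Microsoft's operation.
The sinkholed domain names and the BIND-style query log lines below are
constructed stand-ins; the article does not list the real seized domains.
"""
import re
from collections import defaultdict

# Assumption: hypothetical C2 domains standing in for the seized ones.
SINKHOLED_DOMAINS = {
    "update-panel.example",
    "cfg-gate.example.net",
}

# Matches the record format written by BIND's query log:
#   client <ip>#<port>: query: <name> IN <type> ...
QUERY_RE = re.compile(
    r"client (?P<client>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def normalize(name: str) -> str:
    """Canonicalise a queried name: drop the trailing dot, lowercase it."""
    return name.rstrip(".").lower()


def matched_domain(name: str):
    """Return the sinkholed domain that `name` equals or sits under, else None.

    The label-boundary check ("." + domain) means a lookalike such as
    notupdate-panel.example does not match update-panel.example, and a parent
    such as example.net does not match cfg-gate.example.net.
    """
    n = normalize(name)
    for domain in SINKHOLED_DOMAINS:
        if n == domain or n.endswith("." + domain):
            return domain
    return None


def is_sinkholed(name: str) -> bool:
    return matched_domain(name) is not None


def infected_hosts(log_text: str) -> dict:
    """Map each client IP that looked up a sinkholed domain to what it asked for.

    Lines that are not query records are skipped rather than raising, since
    real query logs mix in startup, zone and malformed lines.
    """
    hits = defaultdict(lambda: {"domains": set(), "queries": 0})
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        domain = matched_domain(m.group("name"))
        if domain is None:
            continue
        record = hits[m.group("client")]
        record["domains"].add(domain)
        record["queries"] += 1
    return {
        client: {"domains": sorted(r["domains"]), "queries": r["queries"]}
        for client, r in hits.items()
    }


# Constructed sample log: two infected hosts (10.0.0.5, 10.0.0.9), one clean
# host (10.0.0.7) that also queries a lookalike name, and one non-query line.
SAMPLE_LOG = """\
26-Mar-2012 10:01:02.113 client 10.0.0.5#51234: query: update-panel.example IN A + (10.0.0.1)
26-Mar-2012 10:01:02.440 client 10.0.0.5#51235: query: gate.cfg-gate.example.net IN A + (10.0.0.1)
26-Mar-2012 10:01:05.002 client 10.0.0.7#40001: query: www.microsoft.com IN A + (10.0.0.1)
26-Mar-2012 10:01:07.318 client 10.0.0.9#53001: query: UPDATE-PANEL.EXAMPLE. IN A + (10.0.0.1)
26-Mar-2012 10:01:09.900 client 10.0.0.7#40002: query: notupdate-panel.example IN A + (10.0.0.1)
26-Mar-2012 10:01:12.250 client 10.0.0.5#51236: query: update-panel.example IN A + (10.0.0.1)
named[1234]: zone example.net/IN: loaded serial 2012032601
"""

if __name__ == "__main__":
    for client, rec in sorted(infected_hosts(SAMPLE_LOG).items()):
        print(f"{client}: {rec['queries']} lookups of {', '.join(rec['domains'])}")
```

The client IP in the query log is usually the resolver or NAT address rather than the infected workstation, so in practice the output is the starting point for a second hop through DHCP or resolver logs before a machine is pulled for cleaning.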

"Because of the complexities of these targets, unlike Microsoft's previous botnet operations, the goal of this action was not to permanently shut down all impacted Zeus botnets. However, this action is expected to significantly impact the cybercriminals' operations and infrastructure, advance global efforts to help victims regain control of their infected computers, and also help further investigations against those responsible for the threat," the software giant said, noting that it still has plenty of work to do.

SophosLabs reports that it has not seen a significant disruption to Zeus activity over the last few days, since the malware is a toolkit that any criminal group can use to build a new botnet. In source form, Zeus can be had for free, while other variants are sold as kits for between $700 and $15,000. Anyone concerned that their system might be infected with Zeus or other botnet malware can visit Microsoft's Virus and Security Solution Center for more information, including ways to clean infected machines.

User Comments: 10

Guest said:

Why do they keep showing Gmail? They don't have any Windows Live Hotmail sessions running on their browsers?

Guest said:

LOL but Windows is safe?

I say this from my 5+ years behind a Linux PC not worrying if viruses even exist!

But hey don't burn that MBR and install Ubuntu just keep rolling with what you know ( WINBLOWS ) and the jerks will keep infecting you.

Actually I can't wait for the HACKER that has the balls to try to infect LINUX, he will be the one who gets crucified to make Jesus's ordeal look like a hazing event.

SalaSSin said:

Queue Linux vs Windows flame war in 5 4 3 ...

VitalyT VitalyT said:

catching a lizard by the tail isn't gonna work...

i say, found a hacker cell - nuke it!

Guest said:

I hate to burst your bubble "Guest", but there have been exploits and viruses for linux for years now. No OS is 100% safe, period.

And before you go yelling, how about that hacker that re-inserted a linux distro on the master server it was hosted on, filled with tons of bad junk, how many hundreds of thousands of people downloaded that before they took it off their servers?

You're not as safe as you think.

Guest said:

All this negative stuff I see in the media really gives me the incentive to switch to a Mac or Linux computer, but I must say kudos to Microsoft and their partners for having a strategic method for protecting the users.

captaincranky captaincranky, TechSpot Addict, said:

Guest said:

LOL but Windows is safe?

I say this from my 5+ years behind a Linux PC not worrying if viruses even exist!

But hey don't burn that MBR and install Ubuntu just keep rolling with what you know ( WINBLOWS ) and the jerks will keep infecting you.

Actually I can't wait for the HACKER that has the balls to try to infect LINUX, he will be the one who gets crucified to make Jesus's ordeal look like a hazing event.

Management seems to be big on letting self-important guest trolls like this have their say, while removing any rebuttals.

Zilpha Zilpha said:

Guest said:

LOL but Windows is safe?

I say this from my 5+ years behind a Linux PC not worrying if viruses even exist!

But hey don't burn that MBR and install Ubuntu just keep rolling with what you know ( WINBLOWS ) and the jerks will keep infecting you.

Actually I can't wait for the HACKER that has the balls to try to infect LINUX, he will be the one who gets crucified to make Jesus's ordeal look like a hazing event.

People don't use Windows because they think it's completely safe; rather, they use Windows because it's a rich user experience. When Linux catches up to the user experience end of things (and cramming Unity down everyone's throat with no way to customize it at all because it's some developer's 'vision' is NOT a good user experience, for the record), then more people will use it.

It's really that simple.

Right now it's still a hobbyists' OS. Folks like to use polished software that works and not have to worry about compiling this module into that kernel and finding workarounds for their hardware to function. Look at things like hybrid graphics: the Bumblebee/Ironhide/etc. projects are very good, but it's still daunting for the inexperienced user to install and use. With notebooks starting to come with these things standard, Linux is even further behind the curve, as hardware manufacturers don't want to bother with writing specialty drivers for such a small portion of the userbase.

So you can act self-righteous all you want, but the bottom line is people will use what makes sense to them, is cost-effective, and easy to maintain.

Phraun said:

Guest said:

LOL but Windows is safe?

I say this from my 5+ years behind a Linux PC not worrying if viruses even exist!

But hey don't burn that MBR and install Ubuntu just keep rolling with what you know ( WINBLOWS ) and the jerks will keep infecting you.

Actually I can't wait for the HACKER that has the balls to try to infect LINUX, he will be the one who gets crucified to make Jesus's ordeal look like a hazing event.

How does it feel to operate under an umbrella of total delusion?

The operating system is irrelevant in most infection cases these days; rather, it has to do with the stupidity of the user in question. The issue here is that the barrier to entry for Linux is so high that few of those kinds of people have the patience to use it, instead preferring Windows or OSX. As such, those platforms have a far higher infection rate than Linux does.

But hey, by all means continue to believe in your supposed "invulnerability". What could possibly go wrong?

DAOWAce DAOWAce said:

As the top comment on that video said, I'd watch a CSI like series if Microsoft decided to release it based on this subject. Video was nicely produced.

Also: botnets being shut down means less internet congestion. Better not only for the people affected, but for the internet as a whole.
