Wrath of the Titans: Microsoft, U.S. Feds Slay Godly Zeus Botnets

From DailyTech: In the era of organized cybercrime, one of the most dangerous threats to arise in recent years was "Zeus". A malware program named after the king of the Greek gods, Zeus spread via a combination of phishing emails that encouraged users to download a malicious executable, and "drive-by downloads", automatic downloads that largely exploit insecure, outdated browser versions. Once installed, Zeus committed all sorts of villainy, including keylogging and form-grabbing, both of which were used to steal victims' online-banking and credit card credentials.

According to Microsoft Corp. (MSFT), organized criminals would purchase special souped-up versions of Zeus to create their own private botnets. Zeus malware "crimekits" retailed for between $700 USD and $15,000 USD. And the criminals were getting their money's worth: in the U.S. alone, the top three variants (Zeus, SpyEye and Ice-IX) were believed to have infected 3 million machines and caused more than $500M USD in damages. Worldwide, over 13 million machines were believed to be infected.

But Zeus's status as god of the world of cyber-crime appears to be drawing to a close.

Microsoft's Digital Crimes Unit, in collaboration with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA (The Electronic Payments Association), leveraged the provisions of the Lanham Act (15 U.S.C. §§ 1051-1141n) and the Racketeer Influenced and Corrupt Organizations (RICO) Act (18 U.S.C. §§ 1961-1968) to obtain warrants to take down the command-and-control servers of the top Zeus variants. The warrants follow a Mar. 19, 2012 suit filed against 39 "John Does" believed to be involved in the criminal operation.

Microsoft security experts have previously compared the approach to "decapitating" the botnet, in that it takes out the brains of the operation: the command-and-control (CnC) server tasked with delivering updates to the malware, issuing commands to infected machines, and collecting the stolen information they send back.

Microsoft, its partners, and U.S. Marshals executed a pair of daring real-world raids in Scranton, Pa. and Lombard, Ill., entering the premises of two hosting companies and seizing the active CnC servers before the owners could try to destroy evidence.
