Microsoft, working with others in the financial services and computer security industry, has disrupted a number of botnets being used by the Zeus malware family.
The company claims that botnets using ZeuS, SpyEye and Ice-IX variants of the ZeuS family of malware are responsible for nearly half a billion dollars in damages.
Office buildings in Illinois and Pennsylvania were raided by US Marshals, accompanied by Microsoft investigators, on Friday, and web servers being used by cybercriminals deactivated. The seized computers will be examined to see if they reveal further information about who might be behind the criminal campaign. At the same time, the firm seized control of hundreds of web domains being used for malevolent purposes.
Microsoft’s Digital Crimes Unit even put together a natty video, giving a little colour to the operation:
Of course, Microsoft has a big interest in making the internet a safer place. Most malware, for instance, targets Windows rather than Mac users – and the last thing Microsoft wants is for the prevalence of malware to be a reason for people to purchase their next computer from Apple instead.
Frankly, I don’t care if Microsoft doesn’t have entirely altruistic motivation for bringing down the bad guys – I’m just glad that they are actively pursuing those responsible for organised cybercrime, and trying to make the internet safer.
So far, SophosLabs hasn’t seen any evidence of significant disruption to Zeus’s activities through Microsoft’s action. Because Zeus and SpyEye are sold as kits, a takedown against specific botnets will not affect all the other botnets that are still out there.
Since the kits are still available (freely in source form in the case of Zeus), it is highly likely that we will continue to see botnets created using them.
Microsoft and the National Automated Clearing House Association have filed an action against almost 40 as-yet-unnamed “John Does” in connection with the investigation. So far all that has been made public are the suspects’ aliases:
Slavik, Monstr, IOO, Nu11, nvidiag, zebra7753, lexa_Mef, gss, iceIX, Harderman, Gribodemon, Aqua, aquaSecond, it, percent, cp01, hct, xman, Pepsi, miami, miamibc, petr0vich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx1, Daniel Hamza, Danielbx1, jah, Jonni, jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits and the JabberZeus Crew
Some of these individuals are said to have written the Zeus or SpyEye code; others are said to have developed exploits which helped infect victims’ computers. Others are said to have been, or to have recruited, money mules who laundered the proceeds of the criminal scheme.
Ultimately, the most important thing will be to bring those who write the malware, sell the malware, buy the malware, or profit from its use to justice. Taking over web servers is one thing, but unless the people behind the Zeus and other malware operations are brought to book, the crime is just going to continue.
Source: NakedSecurity