Microsoft and US Marshals bring down Zeus botnet servers [VIDEO]

Filed Under: Botnet, Featured, Law & order, Malware, Microsoft

Microsoft, working with others in the financial services and computer security industry, has disrupted a number of botnets being used by the Zeus malware family.

The company claims that botnets using ZeuS, SpyEye and Ice-IX variants of the ZeuS family of malware are responsible for nearly half a billion dollars in damages.

Office buildings in Illinois and Pennsylvania were raided by US Marshals, accompanied by Microsoft investigators, on Friday, and web servers being used by cybercriminals were deactivated. The seized computers will be examined to see if they reveal further information about who might be behind the criminal campaign. At the same time, the firm seized control of hundreds of web domains being used for malevolent purposes.

Microsoft's Digital Crimes Unit even put together a natty video, giving a little colour to the operation:

Of course, Microsoft has a big interest in making the internet a safer place. Most malware, for instance, targets Windows rather than Mac users - and the last thing Microsoft wants is for the prevalence of malware to be a reason for people to purchase their next computer from Apple instead.

Frankly, I don't care if Microsoft doesn't have entirely altruistic motivation for bringing down the bad guys - I'm just glad that they are actively pursuing those responsible for organised cybercrime, and trying to make the internet safer.

So far, SophosLabs hasn't seen any evidence of significant disruption to Zeus's activities through Microsoft's action. Because Zeus and SpyEye are sold as kits, any takedown against specific botnets will not affect all the other botnets which are still out there.

Since the kits are still available (freely in source form in the case of Zeus), it is highly likely that we will continue to see botnets created using them.

Microsoft and the National Automated Clearing House Association have filed an action against almost 40 as-yet-unnamed "John Does" in connection with the investigation. So far all that has been made public are the suspects' aliases:

Slavik, Monstr, IOO, Nu11, nvidiag, zebra7753, lexa_Mef, gss, iceIX, Harderman, Gribodemon, Aqua, aquaSecond, it, percent, cp01, hct, xman, Pepsi, miami, miamibc, petr0vich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx1, Daniel Hamza, Danielbx1, jah, Jonni, jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits and the JabberZeus Crew

Some of these individuals are said to have written the Zeus or SpyEye code, others are said to have developed exploits which helped infect victims' computers. Others are said to be, or have recruited, money mules who laundered the proceeds of the criminal scheme.

Ultimately, the most important thing will be to bring those who write the malware, sell the malware, buy the malware, or profit from its use to justice. Taking over web servers is one thing, but unless the people behind the Zeus and other malware operations are brought to book, the crime is just going to continue.


15 Responses to Microsoft and US Marshals bring down Zeus botnet servers [VIDEO]

  1. gmd · 884 days ago

    The whole botnet situation would not be such a problem today if Microsoft had not released such buggy and poorly developed software for so long. What is surprising is that computer users did not wake up long ago and adopt the safe practice of not using Microsoft software.

    • Bill in Indiana · 884 days ago

      How little you understand. The many professionals such as myself who read these articles do so to improve our knowledge of the topic and are not interested in pointless editorials.

    • Pete · 884 days ago

      If they had, then it would be Linux, Mac or whatever else turned out to be the "prevalent" operating system. We would have the same issues with these, as well..... Admittedly, Linux, with its multitudes of free software and free distributions would mostly eliminate the whole "keygen" and associated trojan issue, however as has been proven time and time again, the cybercriminals would adapt and not only go after (or create) vulnerabilities in these systems, but many more malware would be written/aimed at Linux operating systems. In addition, there would be a paradigm shift in the social engineering aspect of infection, thus leaving people as vulnerable as they are now, with their Windows systems.

      • crock · 884 days ago

        Statistically Linux has by far much fewer bugs per line than Windows (I don't remember the exact figures). The Windows code-base is larger than Linux with far fewer eyes to go through the code. What did you expect the result to be?

      • Hoops · 883 days ago

        Pete's right. For evidence we can look at the huge growth in the numbers of trojans and malware in Android phone apps that we're now seeing.

  2. The naysayers have been saying that for years, about how market share of the operating system somehow attracts the security threats, but that's a strawman argument that's based on FUD (Fear, Uncertainty, and Doubt). The dominant platform in the server industry has been Unix and Linux, yet we don't see Unix and Linux servers being taken over like we do Windows PCs.

    The root of the problem is that computers, and specifically computers running Microsoft Windows, were designed to be used by professionals in a closed environment. The Internet changed the threat level, but worse was adding tens of millions of users who were less interested in learning about how it works and more interested in chatting with friends and downloading free stuff online. It is amazing how many people I catch running their personal computers as the Windows root user. They don't want the hassle of having to enter passwords before installing anything, and they think that the bundled anti-virus running in the background somehow protects their PCs from all threats. With some of them, it's clear how much junk they download because their Desktop is littered with the icons of all the downloaded junk from the stuff they've installed. File extensions are hidden, and they have no clue what an executable is, or how a package installer works. They just click, click, click, and then move on to the next thing.

    The problem is much reduced with Mac OS X, because you have to be interested in computer science enough to figure out what a root user is and how to enable it. Not so with Linux, but generally the people who look to use Linux will heed the warnings about not running as root, and they're smarter than most Windows and OS X users are about the potential security threats.

    Malware is successful predominantly because the victims are stupid and gullible. That's how scams on social networks spread, by exploiting victims' urges to get a "free iPad Doesn't Exist before they're gone" or to "Turn your Facebook icon pink if you're one of the first 2,500 people to sign up for the Gold Plan Doesn't Exist." Then the scammer takes over the victims' PCs or online accounts, and uses them to attack others. When approached about the problem, one person I talked to about it said: "How do you know that, that it's not real?" Um, because your social networking page is filled with garbage that you're also sending to your subscribers, and because the stupid item that you think you're going to receive doesn't even exist! "I want to be sure, so I just click on everything," she said. Yeah, you and millions of others online.

    Just look recently at how many people would give a potential employer their Facebook passwords. There shouldn't be anybody doing that, but there is a large minority of users who don't see anything wrong with it. Extend that to their online banking, and other systems, and the threat is revealed. These users are a security threat, willing to let their systems be compromised, and they don't care.

    There are too many computer users who believe that computers are controlled by voodoo, and that's the biggest risk to a secure environment on a wide-area network.

  3. Alexander Peter Kowalski · 884 days ago

    Linux & UNIX servers don't get taken down & abused? AHEM: BULLS****! Proof's here (& this is only a TINY sample thereof):

    LINUX SERVERS HOSTED THE DUQU MALWARE/BOTNET:

    http://www.securelist.com/en/blog/625/The_Mystery_of_Duqu_Part_Six_The_Command_and_Control_servers

    LONDON STOCK EXCHANGE SERVES UP MALWARE (it runs Linux):

    http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

    LINUX BASED VOTING MACHINES SACKED BY MALWARE MAKERS/HACKER CRACKERS:

    http://www.theregister.co.uk/2010/10/06/net_voting_hacked/

    LINUX OWN SOURCECODE REPOSITORIES HACKED/CRACKED INTO:

    http://www.theregister.co.uk/2011/08/31/linux_kernel_security_breach/

    http://www.theregister.co.uk/2011/10/04/linux_repository_res/

    Want more?

    I can easily & GLADLY supply proofs of them, and far more, that illustrates this "Linux = SECURE" b.s. is just that, PURE b.s.!

    The ONLY REASON Linux has remained less attacked on PC's &/or Servers (key is that), is that it is LESS USED BY FAR on them both combined, & is using "security-by-obscurity" to spread FUD around that it is 'secure' &/or "proof vs. malware &/or hacks-cracks" of it!

    See, usually, the "malware maker" of today in general is after monies, & the easiest "mark" (target)? THE END USERS!

    No, not server admins (who generally should be more security knowledgeable, well, I take that back for Penguins, see above!).

    The hacker/cracker types, & yes, malware makers/botnet masters??

    They are JUST LIKE PICKPOCKETS in crowded streets, malls, train or bus stations... they go where people gather, and, face it: ON PC'S &/or SERVERS?? That's MOSTLY Windows!

    What further proves my assertion that Linux is no more secure than any other OS? Android!

    http://www.pcworld.com/businesscenter/article/226193/android_malware_sees_explosive_growth.html

    Android is a Linux variant, albeit, one that has gained the "lion's share" of market in users out there on smartphones & it is BEING TORN APART on the security front, daily...

    How? Mostly by what rides on top of it (JAVA/Dalvik holes), but there have been kernel level issues too ->

    That alone is a PROOF that once a Linux were to gain more marketshare? It too, will be attacked, & do no better (possibly worse considering the above) than Windows.

    Apple, via MacOS X, made the same "blunder" attempting to say "MacOS X = Secure" & Windows is not too... look what it got them! Yes, virus & malware too... despite that utter line of FUD b.s. from them as well!

    APK

    P.S.=> Want more proof of any statements of mine above? I can gladly, & EASILY, supply it in minutes... just ask - I, in turn, ask that the 'flood of FUD' from the "Pro-*NIX" people here cease, because I can show that for EXACTLY what it is (FUD) & that Linux and yes, MacOS X, were and ARE hiding behind "security-by-obscurity" (lack of users to attack, especially end users who are not "computer security gurus" & thus, are the "easy meat" to go after, & they're after their MONEY, it's not a kids' game anymore))... apk

  4. peter · 884 days ago

    A pity MS can't afford to have this video's speech in sync.

  5. Dolemio · 884 days ago

    Patching your system would be a good start but unfortunately people seem to ignore this first basic step even.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.