Microsoft shuts down 2 Zeus botnet servers

By ABC News
March 26, 2012, 8:40 PM

Microsoft is receiving wide kudos for once again disrupting a major botnet.

Botnets are sprawling networks of infected Windows PCs manipulated by criminal gangs to steal from online banking accounts.

Working with U.S. Marshals and two financial services industry trade groups, the software giant on Friday orchestrated a surprise raid on two Internet hosting companies: Continuum Data Centers in Lombard, Ill., and BurstNet in Scranton, Pa.

Seized were two command-and-control servers used to send instructions to millions of infected PCs that are part of the massive Zeus botnet.

The raid came after Microsoft filed a civil lawsuit, partly under the Racketeer Influenced and Corrupt Organizations Act. The company has combined legal tactics with cyberforensics three other times since 2010 to shut down command-and-control servers used to direct large botnets.

"Microsoft has done the online world a great service by establishing a repeatable process and a legal framework for taking down botnets and bringing malware distributors to justice," says Stephen Cobb, security evangelist at anti-virus firm ESET.

Graham Cluley, researcher at tech security firm Sophos, says Microsoft has a profound self-interest in cleaning up the Internet.

"The last thing Microsoft wants is for the prevalence of malware to be a reason for people to purchase their next computer from Apple," he says.

Microsoft's lawsuit identifies 39 John Does, who use 65 different online aliases, and accuses them of controlling as many as 13 million infected PCs, using them to steal more than $100 million from online banking accounts.

"We expect this effort will significantly impact the cybercriminal underground for quite some time, but cybercrime, like all crime, will always be a societal challenge," says Richard Boscovich, senior attorney in charge of Microsoft's digital crimes unit.

Botnet gangs have hit small organizations that rely on Automated Clearing House (ACH) cash transfers — a service banks have integrated into their online banking accounts — especially hard.

Companies use ACH transfers to deposit salaries, pay suppliers and receive payments. Cybercriminals have perfected intricate systems to pull off fraudulent transfers.

The seized servers could help authorities pinpoint the identities of gang members named in the lawsuit, says Michael Sutton, research vice president at network security firm Zscaler.

"Microsoft should be applauded for expending considerable human and financial resources to at least put a dent in what has become one of the more prolific botnets out there."