Microsoft takes down C&C servers to disrupt Zeus

Microsoft has disrupted a sequence of botnets including Zeus.

According to a press release by Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit, it and partners filed a suit on 19 March against 'John Does 1-39', asking the court for permission to sever the command and control (C&C) structures of those Zeus botnets.

The C&Cs were located in Scranton, Pennsylvania and Lombard, Illinois; Microsoft said it was currently monitoring 800 domains secured within the operation.

Boscovich said the "valuable evidence gained inside the operation" shall be used to spot and recover infected users, undermine the organisation behind it and identify those responsible.

He said: “Due to the original complexity of those particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets.

“Rather, our goal was a strategic disruption of operations to mitigate the threat so that it will cause long-term damage to the cyber criminal organisation that will depend on these botnets for illicit gain.”

He also said he didn't expect this action to have worn out every Zeus botnet, but to disrupt a few of the most harmful botnets, so as to "significantly impact the cyber criminal underground for quite it slow".

The takedown was operated by Microsoft's Project MARS (Microsoft Active Response for Security) initiative â€" a joint effort between Microsoft's Digital Crimes Unit, Malware Protection Center, Support and the Trustworthy Computing team, in addition NACHA, The Electronic Payments Association, Kyrus Tech, F-Secure and the data Sharing and Analysis Center.

Greg Garcia, a spokesperson for the 3 major financial industry associations that worked with Microsoft in this initiative, said: “As crimes against banks and their customers move from stick-ups to mouse clicks, we're also using our own mouse clicks, in addition to the law, to assist protect consumers and businesses. Disrupting the Zeus botnets is only one strike in our long-term commitment to assist defend and protect people.”

Michael Tanji, chief security officer of Kyrus Tech, who helped analyse the Zeus malware and determine which botnets were the foremost dangerous, said: “We are proud to have played a component on this groundbreaking effort and hope that others will start working together to combat malicious activity on the same scale because it is being perpetrated.”