Over the weekend and this morning, Microsoft, working in conjunction with others, issued civil lawsuits to sinkhole numerous domains associated with the Zeus botnet. When I say "botnet", I use the term loosely because Zeus is not a botnet in the sense that Rustock or Waledac is (or was). Rather, Zeus is a tool kit that online criminals can buy that lets them create phishing pages, perform fast fluxing, host drive-by downloads in addition to spamming. It's more like infrastructure than a botnet, although it does have a large botnet under its control.
From The New York Times (also covered in PC World, the MMPC blog, Gary Warner's Blog, and The Official Microsoft Blog):
SEATTLE Microsoft employees, accompanied by United States marshals, raided two nondescript office buildings in Pennsylvania and Illinois on Friday, aiming to disrupt one of the most pernicious forms of online crime today botnets, or groups of computers that help harvest bank account passwords and other personal information from millions of other computers.
With a warrant in hand from a federal judge authorizing the sweep, the Microsoft lawyers and technical personnel gathered evidence and deactivated Web servers ostensibly used by criminals in a scheme to infect computers and steal personal data. At the same time, Microsoft seized control of hundreds of Web addresses that it says were used as part of the same scheme. ... On Friday, Microsoft was attacking its most complex target yet, known as the Zeus botnets. The creators of Zeus offer their botnet code for sale to others and, depending on the level of customer support and customization of the code that clients require, charge them $700 to $15,000 for the software, Microsoft said in a lawsuit filed in federal court in Brooklyn on March 19.
That, in turn, has resulted in many variants of Zeus botnets, making them harder to combat. Most of them are aimed at perpetrating various financial scams against online victims. Mr. Boscovich of Microsoft said he had a "high degree of confidence" that the unnamed culprits behind Zeus were in Eastern Europe.
Because of the financial fraud involved, Microsoft rallied support from two financial industry associations the Financial Services Information Sharing and Analysis Center and the National Automated Clearing House Association which were were co-plaintiffs in the case and filed court declarations endorsing Microsoft's sweep on Friday.
Similar to the Rustock takedown where Pfizer joined in the lawsuit, in this case the NACHA and FSISAC (see above for full acronym expansion) took part in the actions.
But not everyone thinks that Microsoft's actions actually fix the problem:
Jose Nazario, a senior security researcher at Arbor Networks, an Internet security firm, said that Microsoft's record against botnets had been a "mixed bag" and that some of its gains were only temporary. After an earlier action against a botnet known as Waledac, for example, the software behind it was modified slightly to create a new botnet.
"You can take out a botnet, but unless you take down the coders and put the clients behind bars, they're just going to go ahead and do this again," Mr. Nazario said.
Read the original here:
Microsoft Disrupts the Zeus Infrastructure