Microsoft leads US raid on suspected botnet servers

Warwick Ashford

Microsoft employees and US marshals have raided two office buildings in Pennsylvania and Illinois to disrupt Zeus botnets of hijacked computers used to harvest financial and personal data.

Microsoft said that the Zeus botnets had enabled the theft of more than $100m from victims since 2007 and that 13 million computers were infected with some form of software associated with it.

The raid was carried out in collaboration with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA, the electronic payments association.

Armed with a warrant from a federal judge, Microsoft gathered evidence, deactivated command and control web servers and seized control of hundreds of web addresses linked to the botnet operation, according to the New York Times.

The sweep was part of a civil suit brought by Microsoft in its increasingly aggressive campaign to take the lead in combating such crimes by disrupting operations and raising the cost of doing business for cybercriminals, the paper said.

Microsoft's fight against crime is led by Richard Boscovich, a former federal prosecutor and head of Microsoft's digital crimes unit.

The latest raids are intended to send a message to the criminals behind the scheme to let them know Microsoft is watching them, he said.

This is the fourth botnet operation to be targeted by Microsoft, starting with shutting down the Waledac botnet in February 2010, followed by Rustock in March 2011, and Kelihos in September 2011.

"With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry operation against this cybercriminal organisation," Boscovich wrote in a blog post.

"Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets. Rather, our goal was a strategic disruption of operations to mitigate the threat to cause long-term damage to the cybercriminal organisation that relies on these botnets for illicit gain," he said.
