Microsoft Employees and U.S. Marshals Raid Offices, Seize Zeus Botnet Servers
Last Friday, Microsoft employees, along with some U.S. Marshals, raided office buildings in Scranton, Pennsylvania and Lombard, Illinois and seized servers thought to be used by botnets for identity theft. The botnet in question is related to Zeus malware, which utilizes keyloggers to snag users’ financial information and is thought to be responsible for around 13 million infections across the globe. That’s part of the reason Microsoft took the initiative to handle things personally; the other part was trademark infringement.
Seizing botnet servers seems like the sort of thing that should be law enforcement territory, but Microsoft’s own Digital Crimes Unit (DCU) got clearance to get their hands dirty after filing a civil suit regarding trademark violations, at which point they were given permission to take a stab at the botnet’s command and control structures with the help of some Marshals. Microsoft claims that Zeus software, which allows its user to wield the botnet, is sold for anywhere between $700 and $15,000 and utilizes many of the seized servers to carry out its dirty work.
Considering the Zeus botnet is comprised of many, many computers, the server seizure isn’t going to take down the whole network. In fact, given the way the botnet is structured, a complete takedown may be practically impossible. Even so, Microsoft maintains that the seizure of these servers should make botnet operation at least a little bit harder and should help stem the tide of Zeus infections for the time being. In the meantime, Microsoft is taking the opportunity to take a very hands-on approach to dealing with botnet identity theft and cyber-crime on the whole. Despair ye, Internet criminals; Microsoft-man is gunning for you.
(via The Verge, image credit Shutterstock)
- A primer on botnets, in infographic form
- This isn’t the first time Microsoft has battled with botnets
- Bitcoin mining botnet controlled with Twitter
Have a tip we should know? [email protected]