Zeus botnet comes under fire


Post by Red Dwarf » Mon Mar 26, 2012 4:52 am

News Press Release
Microsoft Joins Financial Services Industry to Disrupt Massive Zeus Cybercrime Operation That Fuels Worldwide Fraud and Identity Theft
REDMOND, Wash. — March 25, 2012 — In its most complex effort to disrupt botnets to date, Microsoft Corp., in collaboration with the financial services industry — including the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association — as well as Kyrus Tech Inc., announced it has successfully executed a coordinated global action against some of the most notorious cybercrime operations that fuel online fraud and identity theft. With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry action against this cybercriminal organization.

The legal notice issued by MICROSOFT CORP., FS-ISAC, INC., and NATIONAL AUTOMATED CLEARING HOUSE ASSOCIATION, is on display at http://www.zeuslegalnotice.com/
The defendants are listed under pseudonyms as JOHN DOES 1-39 D/B/A Slavik, Monstr, IOO, Nu11, nvidiag, zebra7753, lexa_Mef, gss, iceIX, Harderman, Gribodemon, Aqua, aquaSecond, it, percent, cp01, hct, xman, Pepsi, miami, miamibc, petr0vich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx1, Daniel Hamza, Danielbx1, jah, Jonni, jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits AND JabberZeus Crew CONTROLLING COMPUTER BOTNETS THEREBY INJURING PLAINTIFFS, AND THEIR CUSTOMERS AND MEMBERS,

The notice contains restraining orders and legal seizure orders. This will enable the plaintiffs to take and secure command control systems for analysis and evidence. This will make it possible to effect a take-down of this massive botnet which counts the number of infected slave machines in the tens of millions.

Re: Zeus botnet comes under fire

Post by Red Dwarf » Mon Mar 26, 2012 5:05 am

First seizures, from Cnet news

Microsoft and financial services organizations, with an escort of U.S. Marshals, seized command-and-control servers Friday to take down botnets allegedly used to steal more than $100 million using an estimated 13 million computers infected with the Zeus malware.

After raids in Scranton, Pa., and Lombard, Ill., "some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide," Microsoft announced Sunday night in a post by Richard Domingues Boscovich, senior attorney with Microsoft's Digital Crimes Unit.

Richard Domingues Boscovich wrote: For this action – codenamed Operation b71 – we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware, known to cause the most public harm and which experts believe are responsible for nearly half a billion dollars in damages.

Re: Zeus botnet comes under fire

Post by spamislame » Mon Mar 26, 2012 10:32 am

Man, they really are on a roll aren't they? Crazy.

Hopefully many more stories to come on this one. (39 defendants. Yikes.)

SiL

Re: Zeus botnet comes under fire

Post by NotBuyingIt » Mon Mar 26, 2012 7:22 pm

The notice contains restraining orders and legal seizure orders.

The legal complaint contains a list of botnet-controlled sites that includes 3357 domain names, 402 sub-domains (listed by URL) and these two IP addresses:

173.243.112.20 (host: Continuum Data Centers, LLC, Lombard, IL)
64.120.135.186 (Burstnet Technologies, Inc., Scranton, PA)

Source:
http://www.scribd.com/doc/86715736/Micr ... -operators

Re: Zeus botnet comes under fire

Post by spamislame » Sat Mar 31, 2012 7:48 pm

Xylibox has some amazing insights into this particular story:

http://xylibox.blogspot.ca/2012/03/behi ... demon.html

The whole article is really interesting.

SiL

Re: Zeus botnet comes under fire

Post by NotBuyingIt » Sat May 05, 2012 11:07 pm

You've got mail — better raise bail.

Krebs: "Google, and perhaps other email providers, recently began notifying the alleged [ZeuS] botmasters that Microsoft was requesting their personal details."

http://krebsonsecurity.com/2012/05/micr ... r-inboxes/

Re: Zeus botnet comes under fire

Post by Red Dwarf » Sun May 06, 2012 6:10 pm

This bit made me laugh

"But the case also is once again drawing fire from a number of people within the security community who question the wisdom and long-term consequences of Microsoft’s strategy for combating cybercrime without involving law enforcement officials."

Woe to anyone who seeks to assist the law enforcement agencies? Yeah, right! We will see who gets to the finish line first.

