Microsoft Digital Crimes Unit, working in conjunction with financial institutions and the computer security industry, has joined forces with US Marshals to take down a number of botnets which have been utilizing variants of the Zeus family of malware. It is claimed that Zeus and its variants are alone responsible for almost 500 million dollars in damages.
Last Friday, US Marshals accompanied by Microsoft investigators raided office buildings in Illinois and Pennsylvania and deactivated web servers utilized by cybercriminals. They subsequently seized control of hundreds of domains being used for criminal purposes.The seized computers will now be examined to see if they reveal any information about who might be at the top of the food chain.
I must be honest and admit, I wasn’t even aware Microsoft had a Digital Crimes Unit. Even though this action may be viewed by many as attacking the ‘tip of the inceberg’, it’s nice to know these institutions are working pro-actively with law enforcement in an effort to at least make some impact.
Exactly what is a botnet – this explanation from Wikipedia:
A botnet is a collection of compromised computers, each of which is known as a ‘bot’, connected to the internet. When a computer is compromised by an attacker, there is often code within the malware that commands it to become part of a botnet. The “botmaster” or “bot herder” controls these compromised computers via standards-based network protocols.
Computers are recruited into a botnet by running malicious software. This may be achieved by a drive-by download exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, possibly in an email attachment. As with any malware, there is no general rule; the software controls the computer and can do anything. It will typically install modules which allow the computer to be ‘commanded and controlled’ by the botnet’s owner.
Pretty scary stuff, and an extremely powerful method for cybercriminals to exploit.
I mentioned earlier about “the tip of the iceberg”; that perception comes about because these botnets are sold in kit form which operate independently from one another. So, taking down specific botnets is not going to have any detrimental affect on all the others which are still out there – plus, because these kits are so readily available, new ones are likely to keep popping up ad infinitum.
However, if seized computers do happen to lead to the masterminds behind the actual development and distribution – well, we live in hope. Some might argue that Microsoft’s involvement is somewhat self-serving, but I personally don’t mind in the least if their motivation is not entirely altruistic, I’m just happy to hear they are actively pursuing these cybercriminals. Anything which helps make the internet a safer place has to be a good thing, yes?
Operation b71: Microsoft and Financial Industry Battle the Zeus Botnets