Olympus has fallen: Microsoft and the FBI take down Zeus botnet
Microsoft has a Digital Crimes Unit (DCU), which it has used to systematically go after botnets around the world. The company claims several victories, but none is likely as big as the one now unveiled.
Zeus, an especially troubling piece of malware, has been taken down by a combination of the Microsoft DCU and the US FBI. The company announces that the game is now over for "GameOver", a variant of Zeus (also known as Zbot).
"We’re pleased to announce that Microsoft, working closely with the FBI and industry partners, has taken action to remove malware, so that infected computers can no longer be used for harm", says Microsoft's Richard Domingues Boscovich, assistant general counsel.
If you have not heard of GameOver, it is a form of malware designed to steal passwords and, according to security researchers at Dell, it was the most active banking trojan in 2013. It uses peer-to-peer technology, making it much harder to track than botnets that rely on a central command server.
In the move, an FBI-led team took down some of the command and control infrastructure, which it claims was "linked to domains generated by the malware and registered by the cyber-criminals". The domains were seized; however, Microsoft did not file a lawsuit, as it has done in past cases.
Security researcher Graham Cluley has learned that the US Department of Justice filed criminal charges against the alleged leader, a Russian hacker known as Evgeniy Mikhailovich Bogachev. Cluley writes that "the US Department of Justice claims that since GameOver Zeus first appeared in September 2011, it has resulted in an eye-watering $100 million of losses". He also lists various aliases the hacker used online.
In a statement, Boscovich claims "Microsoft’s role in this technical action was to conduct analysis on the P2P network and develop a cleaning solution. Also, through an additional feed from Shadow Server, we are able to augment our visibility into the number of impacted IP addresses that feed into Microsoft’s Cyber-Threat Intelligence Program (C-TIP), and work closely with global Community Emergency Response Teams (CERTs) and Internet service providers (ISPs) to help owners of compromised computers regain control of their systems. Based upon these actions, it is anticipated that the cybercriminals’ business model will be disrupted, and they will be forced to rebuild their criminal infrastructure. More importantly, victims of GameOver Zeus have been, and will continue to be, notified and their infected computers cleaned to prevent future harm".
Microsoft boasts that this is the second botnet it has taken out since the opening of its Cybercrime Center last November. The company previously brought down ZeroAccess in December 2013. No doubt others are being monitored for future action.