Skip to main content

The Globe and Mail

Microsoft leads sting operation against Zeus botnets

MARK BLINCH/MARK BLINCH/REUTERS

Microsoft Corp. claimed a victory in efforts to combat online banking fraud, saying it had confiscated several servers used to steal login names and passwords, disrupting some of the world's most sophisticated cybercrime rings.

The software maker said on Monday that its cybercrime investigation group also took legal and technical actions to fight notorious criminals who infect computers with a prevalent malicious software known as Zeus.

By recruiting computers into networks called botnets, Zeus logs the online activity of infected machines, providing criminals with credentials to access financial accounts.

Story continues below advertisement

"We've disrupted a critical source of money-making for digital fraudsters and cyber thieves, while gaining important information to help identify those responsible and better protect victims," said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, which handled the investigation in collaboration with the financial industry.

Microsoft's Digital Crimes Unit is worldwide team of investigators, lawyers, analysts and other specialists who fight cybercrime. A year ago they helped U.S. authorities take down a botnet known as Rustock that had been one of the biggest producers of spam e-mail. Some security experts estimated that in its heyday Rustock was responsible for half the spam in junk email bins.

The company said the moves announced Monday had not dealt a fatal blow to Zeus, which is available for download on websites frequented by criminal hackers. It is used to manage many botnets, including ones that were not impacted by Microsoft's actions.

"The goal of this action was not to permanently shut down all impacted Zeus botnets," Microsoft said in a release, citing the complex nature of the networks.

Microsoft said it sought to damage the operations and infrastructure of the botnets, gather information to identify the criminals and help find and rescue some infected machines.

The company said that U.S. Marshalls helped it seize servers on Friday at hosting centers in Scranton, Pennsylvania and Lombard, Illinois after it won a court order from a U.S. District judge in Brooklyn, New York.

Microsoft said the team had also shut down some channels that criminals were using to communicate with infected machines and had begun monitoring other parts of the infrastructure.

Story continues below advertisement

The software maker said it conducted the operation in collaboration with security firm Kyrus Tech and several financial services industry groups, including the Financial Services Information Sharing and Analysis Center and the National Automated Clearing House Association.

Report an error Licensing Options
Comments are closed

We have closed comments on this story for legal reasons. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

Combined Shape Created with Sketch.

Globe Newsletters

Get a summary of news of the day

Combined Shape Created with Sketch.

Thank you!

You are now subscribed to the newsletter at

You can unsubscribe from this newsletter or Globe promotions at any time by clicking the link at the bottom of the newsletter, or by emailing us at privacy@globeandmail.com.