Clicky
Last visit was: Fri Jul 04, 2014 6:37 pm
It is currently Fri Jul 04, 2014 6:37 pm

Zeus botnet comes under fire


All times are UTC - 5 hours [ DST ]


 [ 7 posts ] 
Author Message
 PostPosted: Mon Mar 26, 2012 4:52 am   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
News Press Release
Microsoft Joins Financial Services Industry to Disrupt Massive Zeus Cybercrime Operation That Fuels Worldwide Fraud and Identity Theft
REDMOND, Wash. — March 25, 2012 — In its most complex effort to disrupt botnets to date, Microsoft Corp., in collaboration with the financial services industry — including the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association — as well as Kyrus Tech Inc., announced it has successfully executed a coordinated global action against some of the most notorious cybercrime operations that fuel online fraud and identity theft. With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry action against this cybercriminal organization.

The legal notice issued by MICROSOFT CORP., FS-ISAC, INC., and NATIONAL AUTOMATED CLEARING HOUSE ASSOCIATION, is on display at http://www.zeuslegalnotice.com/
The defendants are listed under pseudonyms as JOHN DOES 1-39 D/B/A Slavik, Monstr, IOO, Nu11, nvidiag, zebra7753, lexa_Mef, gss, iceIX, Harderman, Gribodemon, Aqua, aquaSecond, it, percent, cp01, hct, xman, Pepsi, miami, miamibc, petr0vich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx1, Daniel Hamza, Danielbx1, jah, Jonni, jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits AND JabberZeus Crew CONTROLLING COMPUTER BOTNETS THEREBY INJURING PLAINTIFFS, AND THEIR CUSTOMERS AND MEMBERS,

The notice contains restraining orders and legal seizure orders. This will enable the plaintiffs to take and secure command control systems for analysis and evidence. This will make it possible to effect a take-down of this massive botnet which counts the number of infected slave machines in the tens of millions.


Top
 Profile WWW  
 PostPosted: Mon Mar 26, 2012 5:05 am   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
First seizures, from Cnet news

Microsoft and financial services organizations, with an escort of U.S. Marshals, seized command-and-control servers Friday to take down botnets allegedly used to steal more than $100 million using an estimated 13 million computers infected with the Zeus malware.

After raids in Scranton, Pa., and Lombard, Ill., "some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide," Microsoft announced Sunday night in a post by Richard Domingues Boscovich, senior attorney with Microsoft's Digital Crimes Unit.

Richard Domingues Boscovich wrote:
For this action – codenamed Operation b71 – we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware, known to cause the most public harm and which experts believe are responsible for nearly half a billion dollars in damages.


Top
 Profile WWW  
 PostPosted: Mon Mar 26, 2012 10:32 am   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Man, they really are on a roll aren't they? Crazy.

Hopefully many more stories to come on this one. (39 defendants. Yikes.)

SiL


Top
 Profile  
 PostPosted: Mon Mar 26, 2012 7:22 pm   
Spammer Killing Machine
User avatar

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
Quote:
The notice contains restraining orders and legal seizure orders.

The legal complaint contains a list of botnet-controlled sites that includes 3357 domain names, 402 sub-domains (listed by URL) and these two IP addresses

173.243.112.20 (host: Continumm Data Centers, LLC, Lombard, IL)
64.120.135.186 (Burstnet Technologies, Inc., Scranton, PA)

Source:
http://www.scribd.com/doc/86715736/Micr ... -operators


Top
 Profile  
 PostPosted: Sat Mar 31, 2012 7:48 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Xylibox has some amazing insites into this particular story:

http://xylibox.blogspot.ca/2012/03/behi ... demon.html

The whole article is really interesting.

SiL


Top
 Profile  
 PostPosted: Sat May 05, 2012 11:07 pm   
Spammer Killing Machine
User avatar

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
You've got mail — better raise bail.

Krebs: "Google, and perhaps other email providers, recently began notifying the alleged [ZeuS] botmasters that Microsoft was requesting their personal details."

http://krebsonsecurity.com/2012/05/micr ... r-inboxes/


Top
 Profile  
 PostPosted: Sun May 06, 2012 6:10 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
This bit made me laugh

"But the case also is once again drawing fire from a number of people within the security community who question the wisdom and long-term consequences of Microsoft’s strategy for combating cybercrime without involving law enforcement officials."

Woe to anyone who seeks to assist the law enforcement agencies? Yeah, right! We will see who gets to the finish line first.


Top
 Profile WWW  
 [ 7 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008