InBoxRevenge KS Forum

News Press Release
Microsoft Joins Financial Services Industry to Disrupt Massive Zeus Cybercrime Operation That Fuels Worldwide Fraud and Identity Theft
REDMOND, Wash. — March 25, 2012 — In its most complex effort to disrupt botnets to date, Microsoft Corp., in collaboration with the financial services industry — including the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association — as well as Kyrus Tech Inc., announced it has successfully executed a coordinated global action against some of the most notorious cybercrime operations that fuel online fraud and identity theft. With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry action against this cybercriminal organization.

The legal notice issued by MICROSOFT CORP., FS-ISAC, INC., and NATIONAL AUTOMATED CLEARING HOUSE ASSOCIATION, is on display at http://www.zeuslegalnotice.com/
The defendants are listed under pseudonyms as JOHN DOES 1-39 D/B/A Slavik, Monstr, IOO, Nu11, nvidiag, zebra7753, lexa_Mef, gss, iceIX, Harderman, Gribodemon, Aqua, aquaSecond, it, percent, cp01, hct, xman, Pepsi, miami, miamibc, petr0vich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx1, Daniel Hamza, Danielbx1, jah, Jonni, jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits AND JabberZeus Crew CONTROLLING COMPUTER BOTNETS THEREBY INJURING PLAINTIFFS, AND THEIR CUSTOMERS AND MEMBERS,

The notice contains restraining orders and legal seizure orders. This will enable the plaintiffs to take and secure command control systems for analysis and evidence. This will make it possible to effect a take-down of this massive botnet which counts the number of infected slave machines in the tens of millions.

First seizures, from Cnet news

Microsoft and financial services organizations, with an escort of U.S. Marshals, seized command-and-control servers Friday to take down botnets allegedly used to steal more than $100 million using an estimated 13 million computers infected with the Zeus malware.

After raids in Scranton, Pa., and Lombard, Ill., "some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide," Microsoft announced Sunday night in a post by Richard Domingues Boscovich, senior attorney with Microsoft's Digital Crimes Unit.

Man, they really are on a roll aren't they? Crazy.

Hopefully many more stories to come on this one. (39 defendants. Yikes.)

SiL

The legal complaint contains a list of botnet-controlled sites that includes 3357 domain names, 402 sub-domains (listed by URL) and these two IP addresses

173.243.112.20 (host: Continumm Data Centers, LLC, Lombard, IL)
64.120.135.186 (Burstnet Technologies, Inc., Scranton, PA)

Source:
http://www.scribd.com/doc/86715736/Micr ... -operators

Xylibox has some amazing insites into this particular story:

http://xylibox.blogspot.ca/2012/03/behi ... demon.html

The whole article is really interesting.

SiL

You've got mail — better raise bail.

Krebs: "Google, and perhaps other email providers, recently began notifying the alleged [ZeuS] botmasters that Microsoft was requesting their personal details."

http://krebsonsecurity.com/2012/05/micr ... r-inboxes/

This bit made me laugh

"But the case also is once again drawing fire from a number of people within the security community who question the wisdom and long-term consequences of Microsoft’s strategy for combating cybercrime without involving law enforcement officials."

Woe to anyone who seeks to assist the law enforcement agencies? Yeah, right! We will see who gets to the finish line first.