Microsoft Takes Down Botnets Of Online Banking Thieves


Microsoft has taken down a number of malware-spreading botnets that infected millions of computers worldwide and stole more than $100 million from financial institutions and other businesses.

Under the escort of U.S. Marshals and with a warrant from a federal judge, Microsoft and two other co-plaintiffs in a lawsuit against the unidentified botnet operators seized command-and-control servers in Lombard, Ill., and Scranton, Penn., the Redmond, Wash.-based software maker said late Sunday. A federal court in New York granted permission for the seizure, which included taking control of 800 domains used in the criminal network.

According to court papers, Microsoft disrupted a botnet of 13 million computers, including 3 million in the U.S., that spread the Zeus family of malware that included the SpyEye and Ice-IX variants. The malware tracks a computer user's online activity and records keystrokes, so it can steal the user name and password when a victim visits an online banking site.

The Zeus-related malware has caused more than a half-billion dollars in damages to businesses, according to Microsoft. The botnets taken down Friday following a month-long investigation stole more than $100 million over the last five years.

"With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims," Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, said. "The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come."

In shutting down the malware networks, Microsoft invoked the Racketeer Influenced and Corrupt Organizations Act for the first time. The RICO act is used in cases against organized crime. While no arrests have been made, Microsoft and the other plaintiffs believe an organization of criminals is behind the botnets.

Joining Microsoft in the civil suit that led to the seizures were the Financial Services Information Sharing and Analysis Center, a nonprofit formed by financial institutions to fight cyber-crime, and the NACHA Electronics Payments Association, which manages the network for electronic payments, such as direct deposits and funds transfers.

The latest operation was the fourth high-profile botnet takedown led by Microsoft's Project MARS (Microsoft Active Response for Security) initiative. The previous operation shuttered the Kelihos botnet,which at its peak commandeered 41,000 computers and distributed more than 3.8 billion spam a day.