[LINK] MS busts botnet network

Jan Whitaker jwhit at janwhitaker.com
Tue Mar 27 19:23:50 AEDT 2012



Microsoft Botnet Bust: U.S. Marshals Raid Offices In Two States To 
Disrupt Massive Botnet

Posted: 03/26/2012 8:04 pm Updated: 03/26/2012 8:04 pm

http://www.huffingtonpost.com/2012/03/26/microsoft-botnet-bust-raids-marshal_n_1379718.html?ref=topbar

Cyber investigators from Microsoft, joined by a team of United States 
marshals, raided offices in Pennsylvania and Illinois Friday to 
disrupt a global network of more than 13 million infected computers 
that they said helped cyber criminals steal $100 million in the past 
five years.

The coordinated seizure of computer servers at two hosting centers in 
Scranton, Pa., and Lombard, Ill., was "our most complex effort to 
disrupt botnets to date," Richard Boscovich, a senior attorney at 
Microsoft's Digital Crimes Unit, 
<http://blogs.technet.com/b/microsoft_blog/archive/2012/03/25/microsoft-and-financial-services-industry-leaders-target-cybercriminal-operations-from-zeus-botnets.aspx> said
in a blog post.

Botnets are global networks of infected computers that allow cyber 
criminals to steal consumer financial data. They grow in size as 
computer users accidentally click on a malicious link or file, and 
their PCs begin performing automated tasks that help cyber criminals 
commit identity theft.

Microsoft, whose aim is to secure its 
<http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8> Windows
operating system that still dominates the market, alleges that 
botnets infected with the so-called Zeus malware can record users' 
computer keystrokes to steal usernames and passwords linked to online 
bank accounts. In addition to stealing more than $100 million, the 
botnet operators have sold hundreds of versions of Zeus -- with 
various levels of sophistication -- for between $700 and $15,000, 
Microsoft said.

On March 19, 
<http://www.zeuslegalnotice.com/images/Complaint_w_Appendices.pdf> Microsoft
filed suit in federal court in Brooklyn against 39 unnamed 
defendants. The suit asked a judge for permission to raid the offices 
in Illinois and Pennsylvania, and shut down the command servers of 
the botnets. Financial Services Information Sharing and Analysis 
Center and the National Automated Clearing House Association were 
also on the complaint with Microsoft.

Boscovich said this was Microsoft's fourth raid, all of which have 
gathered "valuable evidence and intelligence" to help rescue 
computers from botnets and identify the cybercriminals behind them. 
Operators of the hosting centers that were raided 
<http://www.nytimes.com/2012/03/26/technology/microsoft-raids-tackle-online-crime.html?pagewanted=2> told
the New York Times they were unaware the equipment inside their 
facilities was being used for a botnet.

Boscovich called the raid "a strategic disruption of operations" 
meant to cause "long-term damage to the cyber criminal organization 
that relies on these botnets for illicit gain."

"We don't expect this action to have wiped out every Zeus botnet 
operating in the world," Boscovich said. "However, together, we have 
proactively disrupted some of the most harmful botnets, and we expect 
this effort will significantly impact the cybercriminal underground 
for quite some time."

Microsoft's raids are part of a growing effort in the public and 
private sector to disrupt botnets. On Thursday, the Federal 
Communications Commission 
<http://www.huffingtonpost.com/2012/03/22/internet-providers-botnets_n_1372837.html> announced
commitments from most of the nation's Internet service providers to 
adhere to a voluntary "code of conduct" to fight networks of infected 
PCs. The companies pledged to detect whether customers' computers 
have become robots -- or "bots" -- and notify and help customers 
whose computers are infected.

The Zeus botnet spread largely through misleading spam messages that 
used a variety of methods to trick users into clicking malicious 
links. Some fake messages asked users to accept invitations from 
Facebook friends, accept tax refunds from the Internal Revenue 
Service, or download a Microsoft "Critical Security Update." Once 
users clicked on the fake links or files, their computers became infected.

Microsoft said consumers can take several measures to protect 
themselves, such as keeping their software up-to-date, running 
anti-virus and anti-malware protection programs, and avoiding 
clicking on unfamiliar links or email attachments.

Consumers whose computers become part of botnets may notice their 
machines being unusually slow or crashing frequently, 
<http://www.microsoft.com/security/pc-security/botnet.aspx> according
to the Microsoft Safety and Security Center.

If users realize their computers are infected, they often lack the 
technical resources to fix the problem. Cleaning an infected computer 
"can be exceedingly difficult, time-consuming and frustrating," 
according to Microsoft's complaint.



Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the world is to paint or 
sing or write, for only in such response do we find truth.
~Madeleine L'Engle, writer

_ __________________ _


