Microsoft won a court order on 28 November to allow the company and its financial-services partners to continue to administer command-and-control servers for two Zeus botnets that had been shut down by the company’s legal and technical campaign in March 2012.
The motion for a default judgment, which was granted by the US District Court in the Eastern District of New York, gives Microsoft and the National Automated Clearing House Association (NACHA) an injunction that allows the companies to keep the two Zeus botnets and their associated domains disabled for another 24 months. The original takedown, codenamed Operation b71, seized command-and-control servers in Pennsylvania and Illinois and disrupted the online-fraud networks.
“This additional time will allow Microsoft to continue to work with Internet service providers and Computer Emergency Response Teams (CERTs) to clean those computers that are still infected with the malware,” Richard Boscovich, senior attorney for Microsoft’s Digital Crimes Unit, said in an email interview.
The takedown effort appeared to have a substantial impact on the spread of Zeus as the foundation of cyber-criminals botnets: Attempts at infecting systems with Zeus fell by more than half to 336,000 for a single week in June, from 780,000 for a week in early March.
Other successes have been minor. On 2 July, the company publicly identified two of the defendants, Yevhen Kulibaba and Yuriy Konovalenko, but had discovered that they are currently serving jail time in the United Kingdom for convictions related to the Zeus malware. In total, only four of the 39 defendants originally named in the law suit have been identified.
Over the past three years, Microsoft has used a combination of civil lawsuits and technical takedowns to disrupt the operations of four botnets: Waledac in Operation b49, Rustock in Operation b107, Kelihos in Operation b79, and then the Zeus in the latest operation.
The most successful takedown may have been the shuttering of the Rustock botnet, which led to a sustained drop in spam levels. A year after the takedown, for example, spam had dropped to 100 million messages per day, from 150 million at the time of the takedown, according to messaging-security firm Commtouch.
Microsoft is not the only company pursuing the takedown of botnets, but the software giant is the only one to use legal tactics as a significant component of its strategy. Security firm FireEye, for example, called for the takedown of the Grumm botnet, but relied on the goodwill of authorities in other nations to aid in the shuttering of the network’s command-and-control servers.
Do you know all about IBM, the founder of the IT industry?Take our quiz!
Originally published on eWeek.
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…