Categories: SecurityWorkspace

Microsoft Identifies Zeus Botnet Suspects

Microsoft counted two minor successes in its war on botnets on 2 July, putting names to two of the defendants in its lawsuit against a Zeus crime ring and noting that Zeus infections had dropped by almost half in the last three months.

As part of the Microsoft Active Response for Security (MARS) programme, the company filed a lawsuit against a group of unknown defendants – identified as “John Does” in the original complaint – for violation of a number of civil statutes. In a 2 July blog post, the company stated that it had identified two of the defendants, Yevhen Kulibaba and Yuriy Konovalenko, and amended the complaint.

Already in prison

The two defendants, however, are currently serving jail time in the United Kingdom for convictions related to the Zeus malware.

“Our best efforts to identify the remaining John Doe defendants turned up no response,” according to Microsoft’s complaint. “We will continue our efforts to serve defendants Kulibaba and Konovalenko, and the John Doe defendants, with this amended complaint.”

While positively identifying two defendants may appear to be a major win, the two suspects had already been identified by the Zeus Working Group, a loosely connected team of security researchers working to share information on Zeus, as well as security researcher and blogger Brian Krebs in May.

While the information may have already been uncovered, Microsoft has a higher bar to hurdle to put the information into its own complaint, says Richard Boscovich, senior attorney for Microsoft’s Digital Crimes Unit (DCU).

“Many times, the information they have is compared with our independent analysis as we seek to file our civil cases,” said Boscovich. “We tend to be cautious about what we plea in our papers. Only after we feel confident that the information is accurate do we amend and name specific defendants.”

Anti-botnet success

While some of the perpetrators had already been identified, Microsoft’s impact on this particular version of the Zeus botnet appears to have been significant. The total number of attempts at spreading Zeus dropped from 780,000 for one week in March to 336,000 during a single week in June, the company stated.

“These successful results represent a significant advancement for the people that Microsoft, the financial industry and law enforcement are all focused on protecting as customers and citizens,” according to Microsoft.

Zeus botnets are networks of compromised computers created by criminals using the Zeus infection framework, a toolkit that allows the creation of malware, spam campaigns to spread the malware and server software to administer compromised computers. While other malicious software exists to create and manage botnets, the Zeus toolkit is perhaps the best known and widely used.

Over the past three years, Microsoft has used a combination of civil lawsuits to carry out court-ordered command-and-control server takedowns that hobbled the operations of four botnets. In addition to the latest Zeus botnet takedown, Microsoft has pursued the operations behind the Waledac, Rustock and Kelihos botnets.

The takedown of Rustock, for example, led to a sustained drop in spam levels. At the time of the takedown in March 2011, for example, nearly 150 million spam messages were seen every day, according to security firm CommTouch. A year later, spam levels were under 100 million per day, the firm stated in an analysis.

Are you a Skype champion? Take our quiz.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

10 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

12 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

14 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

14 hours ago