Certain fraudsters that use Zeus-style malware to steal consumers' financial data may be reeling from a recent significant blow.
Microsoft Corp. joined forces with U.S. marshals and several financial-services industry organizations to seize computer servers in Scranton, Pa., and Lombard, Ill., that were running "some of the worst known" Zeus botnets, used to steal consumers' online banking credentials and transfer stolen funds, among other crimes, Microsoft noted in a March 25 press release.
The organizations on March 23 entered the facilities housing the servers after receiving permission from the U.S. District Court for the Eastern District of New York to investigate and seize the equipment.
The Financial Services Information Sharing and Analysis Center, NACHA and Kyrus Tech Inc. joined Microsoft in the action, according to the release.
As part of the bust, Microsoft is monitoring 800 Internet domains in an effort to identify thousands of computers infected by Zeus, the release said.
Zeus enables criminals to capture a victim's online activity and keystrokes, harvesting personal information that crooks can use to steal identities or to make purchases, Microsoft said.
“With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves while gaining important information to help identify those responsible and better protect victims,” Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, said in the release.
The action is not likely to stop the misuse of Zeus malware in its tracks, Microsoft noted in its release.
Because of its versatility, Zeus in particular has been a boon to thieves, Adam Wosotowsky, senior research analyst with Santa Clara, Calif.-based data-security firm McAfee Inc.'s McAfee Labs, tells PaymentsSource.
"This is definitely a step in the right direction," he says, noting that pinpointing servers engaged in criminal activity has "come of age" within the past year in the face of persistent threats.
"While this surely doesn't put an end to phishing or Zeus-based infections, it should deal a strong blow to botmasters who monetize their infections through thievery," Wosotowsky says.
The bust may cause malware perpetrators to "look hard at trying to establish a more peer-to-peer architecture which will reduce the chances that a single takedown would cripple the entire botnet but may also increase the ability for security researchers to hijack parts of it through the peer network," he adds.
The fact that host servers were crippled in U.S.-based facilities means criminals may push future activities "into less-established IT sectors" with weaker law enforcement, he warns.
"In the struggle between botnets and the security community, this is equivalent to a handful of cruise missiles pounding an enemy base, so it's not the end of the war, but it is a definite statement that our knowledge of the threats has improved to the point where we can target the enemy strongholds."