March 26, IDG News Service – (Pennsylvania; Illinois, International) Microsoft leads seizure of Zeus-related cybercrime servers. March 26, Microsoft said it and several partners disrupted several cybercrime rings that used a piece of malicious software called Zeus to steal $100 million over the last 5 years. The company said a consolidated legal case was filed against those allegedly responsible that for the first time applies the - 6 - Racketeer Influenced and Corrupt Organizations Act. Zeus is difficult for financial institutions to address because of its stealthy nature and advanced spying capabilities that center around stealing online banking and e-commerce credentials. According to a complaint filed under seal March 19 in New York, Microsoft accused the defendants of infecting more than 13 million computers and stealing more than $100 million. The civil complaint lists 39 “John Doe” defendants, many of whom are identified only by online nicknames. The senior manager of investigations for Microsoft’s Digital Crimes Unit said the creators of Zeus sold “builder kits” to other would-be cybercriminals. Simple versions sold for as little as $700, while more advanced versions could cost $15,000 or more, the affidavit said. Microsoft also said this is the first time other parties joined it as a plaintiff in a botnet case. The other plaintiffs are the Financial Services Information Sharing and Analysis Center, and the National Automated Clearing House Association. The court granted Microsoft and its partners permission to seize servers located in Scranton, Pennsylvania, and Lombard, Illinois, March 23. Microsoft took control of 800 domains that are part of Zeus’ infrastructure in an attempt to completely wrest control of the networks from their operators.
Ali Loney, on March 26, 2012