On March 23rd, Microsoft in collaboration with the Financial Services Information Sharing and Analysis Center (FS-ISAC), The Electronic Payments Association (NACHA), and Kyrus Tech Inc were escorted by U.S. Marshals to seize control of command & control servers for this banking infection. The servers were located in hosting locations in Scranton, Pa. and Lombard, Ill. This is the second time Microsoft has been involved in a disruption of the Zeus botnet and the first time Microsoft had collaborated with other organizations as part of this take down.
The analysis of these servers will allow Microsoft and its partners to further determine how many and which computers are infected. This information can then be shared with Internet Service Providers and consumer watchdogs to help alerts users that these infections are located on their computer. With information sharing and education, Microsoft hopes to undermine, if not eliminate, the criminal infrastructure behind the Zeus and Spy Eye organization.