Microsoft completes operation to seize critical Zeus and Spy Eye command and control servers


10 replies to this topic

#1 Grinler

    Lawrence Abrams



Posted 26 March 2012 - 11:11 AM

Microsoft announced today that it had successfully executed a seizure of command and control servers that has caused critical disruption for the Zeus and Spy Eye botnets. The Zeus Trojan is a computer infection that quietly sits on an infected computer while monitoring keystrokes in order to steal banking information. Once banking information is obtained, it transmits the login credentials to the remote cybercriminals, who then use that information to transfer the infected user's money to accounts under their control. It is estimated that over 13 million computers worldwide, with approximately 3 million in the US, are infected with this malware. There are also estimates that over $70 million has been stolen via this malware.

On March 23rd, Microsoft, in collaboration with the Financial Services Information Sharing and Analysis Center (FS-ISAC), The Electronic Payments Association (NACHA), and Kyrus Tech Inc., was escorted by U.S. Marshals to seize control of command & control servers for this banking infection. The servers were located in hosting locations in Scranton, Pa. and Lombard, Ill. This is the second time Microsoft has been involved in a disruption of the Zeus botnet and the first time Microsoft had collaborated with other organizations as part of this takedown.

The analysis of these servers will allow Microsoft and its partners to further determine how many and which computers are infected. This information can then be shared with Internet Service Providers and consumer watchdogs to help alert users that these infections are located on their computers. With information sharing and education, Microsoft hopes to undermine, if not eliminate, the criminal infrastructure behind the Zeus and Spy Eye organization.




#2 Andrew


Posted 26 March 2012 - 11:41 AM

Chalk one up for the good guys! :clapping:

#3 Sani-T-Capt1


Posted 26 March 2012 - 01:03 PM

Scranton? Wow that's right in my backyard :crazy:
Either We Learn to Live Together as People, Or Die Apart as Fools !


Ignorance ISN'T Bliss, It's Just "IGNORANCE"!!

#4 boopme


Posted 26 March 2012 - 06:43 PM

Excellent work, it's refreshing to hear when one of these gets kicked out.

#5 castoffpolite


Posted 27 March 2012 - 09:36 AM

Thank you Grinler for this information. I agree with Andrew. :thumbsup:

Cast

#6 Tron Thompson


Posted 27 March 2012 - 12:40 PM

Both me and my wife bank at Chase. We have separate accounts. I had to reset my banking password and she needed a new card. Chase won't give an explanation. I wonder if it's connected.

#7 Grinler


Posted 27 March 2012 - 12:57 PM

It's very possible that information sharing by MS is causing this to happen.

I have to assume if the people examining the data are able to determine specific accounts that have been compromised that they would share this info with the appropriate people.

#8 ITGeekGirl


Posted 28 March 2012 - 11:46 AM

How are the notifications going to be sent out? I hope not through email, or we're about to get a new wave of computers to remove malware from. I've just gotten our office into the habit of not trusting half the email they receive. This might set us back again.

#9 Knight_of_BAAWA


Posted 29 March 2012 - 08:13 AM

I don't know why this hadn't been done years before when these rogue programs first popped up. The adage of "follow the money" and then taking away their money-laundering ability would destroy the profitability of fraudware/scareware/scamware, thus reducing their creation/use.

#10 Grinler


Posted 29 March 2012 - 08:15 AM

Most of the time these criminals operate in countries that don't have the same perspective on cybercrime as the USA does.

#11 chromebuster


Posted 07 April 2012 - 12:35 AM

Yeah, you can say that again. No wonder people are leery of any .ru or .su domain. .su more so than .ru, but both make people nervous, I think. I always watch out for them. From the blogs and feeds that I receive every day, it seems that most malware is born in Russia. Correct me if I'm wrong though. But on the side, as I train to be an administrator of Microsoft technologies myself, I look forward to the day when I'm in the job, and who knows, maybe I'll be asked to seize a server or two. Nice going, Microsoft! And hopefully, there actually is the disruption that Microsoft hopes there will be. It seems that things don't seem to want to slow down even with this.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge




