Slashdot Mirror


Microsoft Leads Sting Operation Against Zeus Botnets

wiredmikey writes "Microsoft, in what it called its 'most complex effort to disrupt botnets to date,' and in collaboration with partners from the financial services industry, has successfully taken down operations that fuel a number of botnets that make up the notorious Zeus family of malware. In what Microsoft is calling 'Operation b71,' Microsoft and its co-plaintiffs, escorted by U.S. Marshals, seized command and control (C&C) servers in two hosting locations on March 23 in Scranton, Pennsylvania and Lombard, Illinois. The move was to seize and preserve data and evidence from the botnets for the case. In addition to seizing the C&C servers, the group took down two IP addresses behind the Zeus command and control structure, and secured 800 domains that Microsoft is now monitoring and using to help identify computers infected by Zeus."

14 of 114 comments

  1. Congratulations by Anonymous Coward · · Score: 5, Interesting

    It seems that Microsoft has become a good guy while Apple is rapidly becoming a goat. ... Or have I spoken too soon?

    1. Re:Congratulations by WrongSizeGlass · · Score: 3, Funny

      It seems that Microsoft has become a good guy while Apple is rapidly becoming a goat. ... Or have I spoken too soon?

      Microsoft didn't just do this to be a "good guy". Microsoft's been able to take this step by arguing that the botnet operators have been violating its trademarks and damaging its reputation.

    2. Re:Congratulations by nemasu · · Score: 2

      Well, there are a lot of Apple fanatics that probably would pass as bots. Does that count?

      --
      I made an app! Shoutium
  2. As a linux fanboi it sticks in my throat but.. by Chrisq · · Score: 5, Insightful

    As a linux fanboi it sticks in my throat but well done Microsoft.

    1. Re:As a linux fanboi it sticks in my throat but.. by Anonymous Coward · · Score: 2, Insightful

      I could've written your post myself. I'm no M$ fan, but kudos to them on this one. Now cue the usual Slashdot mob, who'll defend the bot herders, bash Windows security (NO operating system is secure when run by a person hell-bent & determined to fuck up his own computer), all corporations, and the United States in general...

  3. Re:Physical Seizures? by Anonymous Coward · · Score: 5, Informative

    The US Marshals performed the seizures. Did you not RTFA?

  4. Re:Physical Seizures? by Nyder · · Score: 5, Informative

    TFA:

    Microsoft has conducted physical seizures

    Since when can a CORPORATION perform seizures of private property???

    When it gets a court order and has proper officials (in this case, US Marshals) with them, like it appears happened.

    --
    Be seeing you...
  5. Great, first EA makes it difficult... by deroby · · Score: 2

    .. now Microsoft takes the servers down completely. As if I haven't got enough problems to get C&C:Generals to play on-line as it is.

    --
    If there is one thing to be learned on slashdot, it has to be sarcasm.
  6. Dunder Mifflin? by nthitz · · Score: 5, Funny

    Scranton PA? Surely those guys over at Dunder Mifflin didn't have anything to do with it!

  7. Re:Physical Seizures? by Anonymous Coward · · Score: 2

    The operation is the second time Microsoft has conducted physical seizures in a botnet takedown operation, and is the first known time the Racketeer Influenced and Corrupt Organizations (RICO) Act has been applied as the legal basis in a consolidated civil case to charge all those responsible in the use of a botnet.

    There ya go, lazy-ass AC.

  8. Re:Physical Seizures? by Oswald McWeany · · Score: 5, Funny

    I probably shouldn't be admitting this online, but I am part of Microsoft's counter-terror department. We are a highly trained SWAT team that risks our lives daily raiding LINUX farms. Our safety demands daily communication using Windows phones; it is one of the most dangerous jobs in the country.

    We are highly trained in many ways to take on any situation needed. Even take out the Prez if he threatens to sign any bill that would not be favourable to Microsoft. We constantly run into our major foe, Apple, and fight hand-to-hand combat in the street and the patent office.

    After announcing this initiative, I am in grave danger. Within a few weeks I will be tracked by other operatives by the GPS on my windows phone... if the battery doesn't die first.

    --
    "That's the way to do it" - Punch
  9. If it only helped... by Opportunist · · Score: 5, Interesting

    Have to remain vague to be in accordance with NDAs, but I've been part of such a sting before. On the "good" side, don't get your panties in a knot. It's not as glamorous as it may look at first (it's decidedly NOT like on TV to raid a server hoster). We went in, we cashed in the servers, we went back out, all with the aid of the hoster who, in turn, didn't do anything wrong but was required to cooperate, and did so quite easily. You wave that warrant in front of their nose and they do whatever you want (as long as it's in the warrant, of course).

    Before we had the servers dissected and analyzed, the bot herders rerouted to other controlling servers. It's like playing whack-a-mole. The time wasted to get every kind of evidence collected so everything's in order and you get the necessary paperwork ready is a billion times what's needed for the other side to switch over to new servers. And they know that bloody well.

    Before you get the wrong idea, the solution is NOT to eliminate due process and let me go nuts on every server hoster in the country, seizing servers as I please. This is not going to do any good. Or rather, do more ill than good. The solution is on the client's side. It's trivial to come up with something that can analyze network traffic and identify bot traffic. Of course, such a device has to be under the control of the customer. Not the ISP. The field for abuse is even wider there. Require people to monitor their traffic. Net access is no more a right than the right to drive a car, and here you have to make sure that your car does not cause trouble to other participants in traffic, why should that not apply for the internet?

    This can easily be rolled into a little box that gets updates regularly from its maker, with the current markers for bot traffic, not unlike how we deal with malware on computers already. Just that this time the box is not prone to user idiocy, clicking "yeah, go on" whenever some trojan wants a new home.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
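The story summary says the seized domains are now being monitored to identify infected computers, and Opportunist's post above proposes a client-side box that matches traffic against regularly updated bot-traffic markers. The following Python is an added example, not code from the article or from any commenter, sketching that check over constructed DNS log lines: hosts that look up a marker domain are reported, and those that do so at a steady interval are flagged as beaconing. The marker domains, addresses and the `MARKER_DOMAINS`/`find_infected` names are placeholders assumed for the example, not the seized Zeus domains or any real indicator.

```python
# Flag client hosts whose DNS lookups match known bot-traffic markers.
# Constructed example: the marker domains and log lines are placeholders,
# not Microsoft's seized Zeus domains or any real indicator.
from collections import defaultdict
from datetime import datetime
# Hypothetical marker feed, standing in for "regular updates from its maker".
MARKER_DOMAINS = {"c2-placeholder-1.example", "c2-placeholder-2.example"}
MIN_BEACONS = 4  # lookups needed before a host counts as a periodic beaconer
JITTER = 0.2     # allowed deviation from the median interval (20%)

# Constructed DNS log lines: "<ISO time> <client ip> <queried name>"
SAMPLE_LOG = """\
2012-03-25T10:00:00 10.0.0.5 www.example.org
2012-03-25T10:00:01 10.0.0.8 c2-placeholder-1.example
2012-03-25T10:03:00 10.0.0.5 c2-placeholder-2.example
2012-03-25T10:05:01 10.0.0.8 c2-placeholder-1.example
2012-03-25T10:10:02 10.0.0.8 c2-placeholder-1.example
2012-03-25T10:15:01 10.0.0.8 c2-placeholder-1.example
2012-03-25T11:00:00 10.0.0.9 mail.example.org
"""

def parse(log):
    """Yield (timestamp, client_ip, name) tuples from the log text."""
    for line in log.splitlines():
        ts, ip, name = line.split()
        yield datetime.fromisoformat(ts), ip, name.lower().rstrip(".")

def is_periodic(times, min_count=MIN_BEACONS, jitter=JITTER):
    """True if at least min_count events occur at a near-constant interval."""
    if len(times) < min_count:
        return False
    ts = sorted(times)
    gaps = sorted((b - a).total_seconds() for a, b in zip(ts, ts[1:]))
    median = gaps[len(gaps) // 2]
    return median > 0 and all(abs(g - median) <= jitter * median for g in gaps)

def find_infected(log, markers=MARKER_DOMAINS):
    """Return {client_ip: {"hits": n, "periodic": bool, "domains": [...]}}."""
    by_host = defaultdict(list)
    for ts, ip, name in parse(log):
        if name in markers:
            by_host[ip].append((ts, name))
    return {ip: {"hits": len(ev),
                 "periodic": is_periodic([t for t, _ in ev]),
                 "domains": sorted({n for _, n in ev})}
            for ip, ev in by_host.items()}
if __name__ == "__main__":
    for ip, info in sorted(find_infected(SAMPLE_LOG).items()):
        print(ip, info)
```

A single lookup of a marker domain is only a lead (a researcher or a sinkhole check produces the same line); the steady interval is what separates a beaconing host from a one-off query.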
  10. Re:Physical Seizures? by Rogerborg · · Score: 5, Funny

    Ah, so you have a Windows phone! Now we just need to figure out who the other guy is.

    --
    If you were blocking sigs, you wouldn't have to read this.
  11. Re:Microsoft CAUSES botnets by hjf · · Score: 4, Interesting

    I had a linux server owned (rootkitted, had to reinstall completely), and it became part of a spam sending botnet.

    So, fuck you.