Microsoft Corp claimed it had confiscated several servers used to steal login names and passwords, disrupting some of the world’s most sophisticated cybercrime rings.
The software maker said on Monday that its cybercrime investigation group also took legal and technical actions to fight notorious criminals who infect computers with a prevalent malicious software known as Zeus.
By recruiting computers into networks called botnets, Zeus logs the online activity of infected machines, providing criminals with credentials to access financial accounts.
“We’ve disrupted a critical source of money-making for digital fraudsters and cyber thieves, while gaining important information to help identify those responsible and better protect victims,” said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, which handled the investigation in collaboration with the financial industry.
Microsoft’s Digital Crimes Unit is worldwide team of investigators, lawyers, analysts and other specialists who fight cybercrime. A year ago they helped U.S. authorities take down a botnet known as Rustock that had been one of the biggest producers of spam e-mail. Some security experts estimated that in its heyday Rustock was responsible for half the spam in junk email bins.
The company said the moves announced Monday had not dealt a fatal blow to Zeus, which is available for download on websites frequented by criminal hackers. It is used to manage many botnets, including ones that were not impacted by Microsoft’s actions.
“The goal of this action was not to permanently shut down all impacted Zeus botnets,” Microsoft said in a release, citing the complex nature of the networks.
Microsoft said it sought to damage the operations and infrastructure of the botnets, gather information to identify the criminals and help find and rescue some infected machines.
The company said that U.S. Marshalls helped it seize servers on Friday at hosting centers in Scranton, Pennsylvania and Lombard, Illinois after it won a court order from a U.S. District judge in
Microsoft said the team had also shut down some channels that criminals were using to communicate with infected machines and had begun monitoring other parts of the infrastructure.
The software maker said it conducted the operation in collaboration with security firm Kyrus Tech and several financial services industry groups, including the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the National Automated Clearing House Association