Microsoft Conducts More Raids to Stop Criminals Behind Botnets

April 6, 2012

An article in the New York Times outlines the latest counterattack by Microsoft and law enforcement agencies as they work to shut down what the article calls “one of the most pernicious forms of online crime today — botnets, or groups of computers that help harvest bank account passwords and other personal information from millions of other computers.”

Congratulations to Microsoft for their dedication to helping all internet users have a safer, more trusted experience.

As this raid highlights, the often heard desire to blame some rogue country for facilitating online crime, or at least to blame an underdeveloped country for failing to maintain proper oversight of their internet traffic, is unwarranted. This week’s sweep targeted command and control servers in Scranton, Pennsylvania and Lombard, Illinois. How banal is that?

Heading up the initiative from Microsoft was Richard Domingues Boscovich, senior attorney in Microsoft’s Digital Crimes Unit. Here are excerpts from the company’s official blog:

“As you may have read, after a months-long investigation, successful pleading before the US District Court for the Eastern District of New York and a coordinated seizure of command and control servers in Scranton, Pennsylvania and Lombard, Illinois, some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide.

Valuable evidence and intelligence gained in the operation will be used both to help rescue peoples’ computers from the control of Zeus, as well as in an ongoing effort to undermine the cybercriminal organization and help identify those responsible.

Cybercriminals have built hundreds of botnets using variants of Zeus malware. For this action – codenamed Operation b71 – we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware, known to cause the most public harm and which experts believe are responsible for nearly half a billion dollars in damages. Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets. Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cybercriminal organization that relies on these botnets for illicit gain.”

“This is the fourth high-profile takedown operation in Microsoft’s Project MARS (Microsoft Active Response for Security) initiative – a joint effort between DCU, Microsoft Malware Protection Center (MMPC), Microsoft Support and the Trustworthy Computing team to disrupt botnets and begin to undo the damage they cause by helping victims regain control of their infected computers. As with our prior takedowns, Microsoft will use intelligence gained from this operation to partner with Internet service providers (ISPs) and Community Emergency Response Teams (CERTs) around the world to work to rescue peoples’ computers from Zeus’ control. This intelligence will help quickly reduce the size of the threat that each of these botnets pose, and make the Internet safer for consumers and businesses worldwide.”

You play a role in online security

Are you contributing to the botnet problem? If any of the following statements sound familiar, you are a botnet risk.

  • Your anti-virus and anti-malware tools haven’t been updated since you bought your computer.
  • You’ve ignored those pesky popups telling you that your computer, browser, or programs need updating to get the latest security fixes installed.
  • You love chain emails, and answering surveys and quizzes.
  • You respond to spammers asking them to stop spamming you.
  • You trust links you come across in emails, on Twitter and Facebook, and in online ads.
  • You don’t know a phish from a fish, a worm from a grub, or what a botnet is.

4 simple steps can make all the difference in your level of security protection – and in the protection of the whole internet

  1. Start by ensuring your computers are up-to-date with all available patches, fixes, and upgrades.
  2. Then confirm your browsers are up-to-date with all available patches, fixes, and upgrades.
  3. Next, check to see that your security software is up-to-date with all available patches, fixes, and upgrades.
  4. Now, strengthen your spam filters, and smarten up about spam so you don’t click on malicious links.

Learn more about how to protect yourself and your devices in these blogs:

Are You Sure Your PC is Malware Free??

Are You a Malware Magnet? 4 simple steps can make all the difference

Every 3 Seconds an Identity is Stolen – Don’t Be Next

Need help understanding botnets?

See my blogs What are Bots, Zombies, and Botnets? and McAfee Infographic Makes Botnets Understandable.

Here’s a quick illustration to get you started…

Note: I was a Microsoft employee for 13 years, until the fall of 2006. I have written both positive and less favorable articles on Microsoft, but hold an abiding respect for the company’s ongoing commitment to security and to providing a responsible, trustworthy environment for consumers.