Unique team takes down the Zeus botnets.
This was reality. A network that had controlled around 3.5 million computers, spitting out literally hundreds of millions of phishing and spam emails daily, had been dealt a crippling blow by an effort that brought together Microsoft, NACHA, the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the U.S. government.
Security remains a prime and continuing consumer worry with online and mobile banking, and Zeus, the principal piece of malware causing disruption in financial channels, emerged as the natural target of this collaborative effort.
"Our goal was to disrupt the Zeus criminals," said Richard Boscovich, a senior attorney at Microsoft who created much of the legal strategy behind this unusual private- and public-sector collaboration. Pivotal to the strategy was Microsoft's contention, accepted by federal judges, that the Zeus botnet fell under the Racketeer Influenced and Corrupt Organizations (RICO) statute, which let Microsoft and other private-sector parties pursue civil remedies under RICO. "We knew we could take out the botnet. The question was, could we do it legally? We found the way to do that," said Boscovich.
Microsoft, of course, also had unique skin in the game, because only computers running Windows are known to be vulnerable to Zeus malware, which lets a third party take control of a computer without the owner's knowledge. The malware does not run on Apple, Linux or Chrome OS machines.
Microsoft also played a wild card: it knew its free Hotmail product was widely used by botnet spammers, and it invoked its terms of service, which let it legally look deeply into any violations it uncovered. This also let Microsoft delve into the traffic patterns and sources of the spam. "Microsoft is in a unique position because of the Hotmail [terms of service]," said Boscovich.
What good could one raid do? Estep said that after the raid, instances of phishing emails that fraudulently used NACHA logos dropped by 90%.
"After the raid," added Boscovich, "26% of Zeus botnets were under Microsoft control." Due to legal complexities and cross-border issues, Microsoft has not communicated with the owners of the infected computers. It hopes to work with Internet service providers to notify their customers whose computers are infected.
Don't think this raid puts Zeus criminals out of business. There remain many millions more infected machines that continue to operate under the command and control of remote criminals. But, said Boscovich, "we are raising their costs of doing business. They will need more sophisticated coding. It will take them more time."
"This was a disruption, not a complete kill," admitted Boscovich.
But he left little doubt that Microsoft has an appetite for still more direct assaults on criminal networks. "Next time our approach will be different still," said Boscovich.
ROBERT MCGARVEY
Publication: Credit Union Times
Date: May 9, 2012