Microsoft strikes at Zeus botnets

Microsoft Zeus botnet structure

Microsoft has struck again at malware operators and cybercriminals, this time raiding data centers in Pennsylvania and Illinois to seize command and control servers and domain names allegedly used to control multiple Zeus botnets. Microsoft coordinated the raid in a manner similar to the company’s successful takedown of the Rustock botnet a year ago, quietly obtaining a federal warrant on the basis of civil suits against the botnet operators, then moving swiftly to take down servers and domain names hosting the operations. However, there are new twists this time: Microsoft used the RICO anti-racketeering laws to go after the botnet operations, and for the first time it partnered with other organizations (including Kyrus Tech, the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and the NACHA – The Electronic Payments Association) to pull off the takedown.

“With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims,” said Microsoft’s Digital Crimes Unit senior attorney Richard Boscovich, in a statement.

The Zeus malware is not new, but it has been one of the most successful malware operations to date. Microsoft says it has detected up to 13 million Zeus infections since 2007, with over 3 million infected systems in the United States. Zeus typically spreads via drive-by phishing scams: botnet operators send spam messages that look to be alerts from financial institutions or other organizations warning users they need to take immediate action to protect their accounts. Once users click the link, they’re taken to a site that attempts to exploit security holes in users’ browsers and/or operating systems to install malware. Once installed, Zeus can monitor the online activity of an infected computer, down to keystroke logging: when a user connects to their bank or an e-commerce site, their credentials are nabbed and sent along to the botnet operators, who then use the account details to commit fraud — or sell the information upstream to folks who will.

Microsoft was able to conduct the seizures through a successful pleading before the U.S. District Court for the Eastern District of New York, giving the company a federal warrant to perform a coordinated seizure of systems escorted by U.S. Marshals. Microsoft says the seized systems and domains represent “some of the worst known Zeus botnets;” however, it’s important to note that plenty of other Zeus operations are still out there: consumers shouldn’t let down their guard. That said, Microsoft believes the move will “significantly impact the cybercriminals’ operations and infrastructure.”

The takedown marks the first time Microsoft has used RICO to go after botnet operators — and may be the first time RICO has been applied to consolidate civil cases against botnet operators. (The civil cases are initially based on trademark law: those fake phishing emails use trademarks from Microsoft and other organizations.) It’s also the first time Microsoft has targeted multiple botnets with a single action, and the first time other plaintiffs have joined in one of Microsoft’s takedowns.

