Recently, Microsoft and its partners in the banking industry gave a detailed behind-the-scenes look at a raid they say disrupted a large-scale cybercrime operation. The operation allegedly used malicious software to steal from consumers over the past five years; all told, the syndicate is said to have stolen $100 million.
Richard Boscovich of Microsoft’s Digital Crimes Unit said the banks and Microsoft used a creative legal strategy to combat the “Zeus” software infection: a civil suit to gain access to a network of infected computers. Those computers formed a “botnet,” remotely controlled by a criminal gang that stole consumers’ money, financial information, and personal information. While Boscovich acknowledges that the Zeus network has not been completely knocked out, he said Microsoft’s action made it much harder and more expensive for the cybercriminals to operate, and that this was only the first round of actions by Microsoft and other firms against the Zeus network.
Microsoft’s actions unfolded this way: the software firm’s attorneys, along with lawyers for the Electronic Payments Association and the Financial Services Information Sharing and Analysis Center, filed a civil lawsuit claiming the Zeus botnet had infected millions of computers since 2007. A federal judge approved a warrant authorizing Microsoft and federal agents to raid data centers in Pennsylvania and Illinois. What made the raids unusual was the creative legal strategy Microsoft used to bring them about: the company invoked existing trademark-infringement and RICO laws to ask a federal judge to authorize a “takedown” of the botnet’s central command servers.
According to Boscovich, the cybercriminals, based in Eastern Europe, used the botnet for “phishing” campaigns in which victims were spammed with official-looking emails complete with corporate trademarks. When users clicked the links in the spam, they were taken either to an attack site that infected their computers with the Zeus software or to an official-looking financial site that tricked them into entering their account login information.
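The two lures described above, a link to a malware-serving site and a link to a look-alike login page, both rely on the visible text of an email link saying one thing while the underlying address says another. The following is an added example, not code from the article or from Microsoft, showing how a mail filter can flag such links: it parses the anchors out of an HTML body and reports any link whose displayed URL disagrees with its real destination, any host that borrows a trusted brand name without being under that brand's domain, or any link that points straight at an executable download. The email body, the trusted domain `examplebank.test`, and the `.test` hostnames are all constructed for the example; the two-label domain heuristic is an assumption that a production filter would replace with a public-suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample phishing-style email body (not taken from the article).
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Dear customer, your account has been locked.</p>
<p>Please <a href="http://secure-login.examplebank-verify.test/login">https://www.examplebank.test</a> to restore access.</p>
<p>Or <a href="http://cdn.update-host.test/flash_update.exe">download the security update</a>.</p>
<p>Contact <a href="https://www.examplebank.test/help">our help centre</a>.</p>
</body></html>
"""

# Assumption for the example: the bank's genuine registered domain.
TRUSTED_DOMAINS = {"examplebank.test"}
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".zip", ".jar")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels); assumption for the example, real code should use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(href, text):
    """Return the list of reasons a link looks like a phishing lure; empty means nothing was flagged."""
    reasons = []
    parsed = urlparse(href)
    href_host = parsed.hostname or ""
    href_dom = registered_domain(href_host)

    # 1. The visible text is itself a URL, but its domain differs from where the link really goes.
    shown = re.match(r"https?://([^/\s]+)", text)
    if shown and registered_domain(shown.group(1)) != href_dom:
        reasons.append(f"display URL domain {registered_domain(shown.group(1))} != href domain {href_dom}")

    # 2. The host name borrows the trusted brand but is not under the brand's real domain.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in href_host and href_dom != trusted:
            reasons.append(f"lookalike host {href_host} for trusted domain {trusted}")

    # 3. The link leads straight to an executable download (the "attack site" lure).
    if parsed.path.lower().endswith(EXECUTABLE_SUFFIXES):
        reasons.append("link downloads an executable")
    return reasons


def scan_email(html):
    """Extract every link and classify it: list of (href, visible text, reasons)."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, classify_link(href, text)) for href, text in parser.links]


def suspicious_links(html):
    """Only the links that were flagged, as (href, reasons) pairs."""
    return [(href, reasons) for href, _text, reasons in scan_email(html) if reasons]


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL_HTML):
        print(href, "->", "; ".join(reasons))
```

Run against the constructed body, the first link is flagged twice (its displayed URL names the bank while the real host is a look-alike) and the second once (it fetches an executable); the genuine help-centre link passes. The checks are deliberately independent so that a filter can score them rather than treat any one as conclusive.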