Microsoft moves to disable Zeus botnet

Padlock on top of credit card and keyboard
Image caption The Zeus malware logs keyboard input when users log in to banking websites

A global operation has been undertaken to disable a number of botnets believed to be responsible for the theft of millions of pounds, Microsoft has said.

The company is working in collaboration with financial services to disable botnets powered by Zeus malware.

Microsoft described the action as its "most complex effort to disrupt botnets to date".

However, security company Sophos Labs said it had not seen any "significant disruption" to the illegal network.

Senior attorney for Microsoft's Digital Crimes Unit Richard Boscovich gavedetails of the operation in a blog post.

"Cybercriminals have built hundreds of botnets using variants of Zeus malware," he wrote.

"For this action - codenamed Operation b71 - we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware, known to cause the most public harm and which experts believe are responsible for nearly half a billion dollars in damages."

Freely available

He added that due to the "unique complexity" of the targets, the company's goal was not to take down the botnet completely - but instead to implement "strategic disruption".

However, security blogger Graham Cluley wrote that he was yet to see any sign of action being taken against the illegal networks.

"Sophos Labs hasn't seen any evidence of significant disruption to Zeus's activities through Microsoft's action,"he wrote.

"Because Zeus and SpyEye are sold as kits any takedown against specific botnets will not affect all the other botnets which are still out there.

"Since the kits are still available (freely in source form in the case of Zeus) it is highly likely that we will continue to see botnets created using them."

Zeus malware - and other variants of it - makes use of keylogging, a technique in which hidden software logs words and numbers typed into a person's keyboard.

This can then be used to discover bank account details and other critical private information.

Crimeware kit

More worrying, Mr Boscovich wrote, was that the Zeus system is sold to criminals as a crimeware kit - typically selling for between $700 (£440) and $1,500 (£941) - allowing extra botnets to be created, increasing the threat.

He said that Microsoft estimates that more than 13 million computers have been infected with Zeus malware worldwide.

In court filings, Microsoft detailed 40 online aliases of people they suspect of being responsible for writing the malicious code.

Botnets like Zeus are created by the spread of malicious software, often via infected emails or web browser vulnerabilities.

Each "bot", as they are known, is a hijacked computer which can be used by hackers for any number of illegal activities.

Users can protect themselves from such threats by regularly updating security software, and being wary of email attachments from senders they do not know or trust.

More on this story