Microsoft names and shames Zeus botnet suspects in UK custody

Microsoft this week identified two individuals who the company said are part of the Zeus banking Trojan operation and stole more than £60 million.

As part of the Microsoft Active Response for Security (MARS) program, the company named defendants Yevhen Kulibaba and Yuriy Konovalenko, who are already serving jail time in the UK for other Zeus malware-related charges, according to Microsoft.

The banking Trojan records a computer user's keystrokes, giving its operators access to usernames and passwords that are then used to steal victims' identities and bank accounts. Once installed, the malware begins working automatically, without the user's knowledge.

In a March complaint, the company said that the group of "John Doe" defendants violated federal and state laws by operating a computer botnet through Internet domains and IP addresses, "causing unlawful intrusion, intellectual property violations and dissemination of unsolicited bulk email" toward Microsoft and its customers.

The goal was not to blot out all botnets running on Zeus-based malware, Microsoft Digital Crimes Unit senior attorney Richard Domingues Boscovich wrote on the company's blog, but simply to disrupt the Zeus model and increase the cost of doing business for cyber criminals.

Since seizing command-and-control servers suspected of controlling computers infected with the Zeus family of malware in March, Microsoft has reported a 57 per cent drop in worldwide Zeus infections in the last three months. The company also located hundreds of thousands of compromised computers, Boscovich said, adding that "we want to rid their machines of the Zeus malware for good."

The Digital Crimes Unit will coordinate with Internet service providers and Community Emergency Response Teams around the world to regain control of infected machines.

Zeus botnets are networks of computers built by criminals using Zeus crimeware kits, which Microsoft said sell in the criminal underworld for anywhere between £450 and £10,000. Kit users can create malware, spam campaigns, and server software to keep an eye on infected computers.

Microsoft referred the case to the FBI for criminal review, handing over all evidence, including information about a broader group of perpetrators beyond the named defendants.

"By referring this case to the FBI [...] we are affirming our commitment to coordinating our efforts with law enforcement," Boscovich said.