Accompanied by US marshals, Microsoft employees raided office buildings in Scranton, Pennsylvania and Lombard, Illinois on Friday; seizing servers believed to be running botnets used for identity theft. The botnets are infected with the Zeus family of malware, which uses keylogging to go after a user's financial information. Microsoft is reporting 13 million suspected Zeus infections worldwide since 2007, with more than three million just in the US.
If you're wondering what Microsoft is doing carrying out raids on office buildings, we're right there with you. It turns out that the company's Digital Crimes Unit (DCU) has used a bit of legal ingenuity to go after criminals directly — by filing a civil suit claiming the botnets violate Microsoft's trademarks, and asking the court for permission to go after their command and control structures. In the complaint, brought before the US District court for the Eastern District of New York, Microsoft (along with co-plaintiffs from the financial world) claim that the Zeus software is available for purchase as a "builder kit" for between $700 and $15,000, depending on the degree of tailoring required by the customer/criminal. For that fee, you get software to generate executable botnet code, configuration files, and web server files that you can deploy on your own command and control server.
Microsoft acknowledges that the complexity of the Zeus family of botnets makes a complete shutdown impossible, but it believes this raid will significantly impact the organizations behind the scenes. The company says the case and operation are ongoing, and we'll keep you posted on future developments.