Microsoft’s has a message for cyber thugs stealing bank accounts from millions of Windows PCs: You’re going down.A judge today signed an injunction against 39 hackers running a botnet built with malicious software known as Zeus, reports Bloomberg.
Hackers use spam to trick people into downloading Zeus. Zeus hides and steals people’s bank account passwords. Some 13 million PCs were infected.
Today’s court order followed Microsoft’s physical take-down of servers running the Zeus botnet.
Business Insider talked with Richard Boscovich, senior attorney for Microsoft’s Digital Crimes Unit about the raid, the DCU and his role.
Here’s how it went down: On Friday, Boscovich marched into an Internet hosting site, flanked by two armed U.S. Marshals and a group of forensics experts. They seized the botnet servers.
It was the fourth botnet Microsoft helped take down. It was a complex mission because multiple teams raided Zeus servers worldwide.
They took out Zeus in two U.S. locations, Scranton, Pa., and Lombard, Ill. Boscovich was part of the Scranton raid. Boscovich, a former U.S. attorney says, “I was on raids for 18 years. This felt the same.”
Boscovich started life as a tax attorney. This lead to prosecuting bank robberies which lead to fighting cyber crime. This lead to a phone call in 2008 telling him about a crime fighting job at Microsoft. Funny thing, he’s no geek. He still types with two fingers.
The Digital Crimes Unit is an oddball unit for a software company. It’s like a modern day, privatized version of Elliot Ness and The Untouchables. Although it includes Microsoft programmers and security experts, it is also staffed with lawyers, ex-cops and ex Air Force investigators.
Years ago, Ness stopped Al Capone by prosecuting him for income tax evasion. The DCU wants to stop cyber thugs by raising the costs of using botnets.
For criminals “botnets are fantastic because you are using other people’s electricity and processing power. You literally have supercomputers for free,” Boscovich says. They can send billions of spam, or fraudulently click on millions of ads. Botnet owners sell their bots to other criminals.
Boscovich says that taking down bots raises costs by making the bad guys “have to look over their shoulders because someone is going to come along and rip it away from them.”
It seems to be working.
Last September, Microsoft helped take down the Kelihos botnet. The crooks got another one up and running pretty quickly, but security firm Kaspersky was able to find it and help take it down again. Microsoft previously took down botnets named Waledac and Rustock, too.
Here’s a video that shows the Zeus botnet raid in action.