Threat Research & Response Blog
We have discussed in the past our collaboration with external parties to combat botnet threats to further the betterment of the Internet, such as Operations b49, b107 and b79. This week, Microsoft has partnered with security experts and the financial services industry on a new action codenamed Operation b71 to disrupt some of the worst known botnets using variants of the notorious Zeus malware (which we detect as Win32/Zbot).
Due to the complexities of these targets, unlike Microsoft’s prior botnet operations, the goal of this action was not the permanent shutdown of all impacted Zeus botnets. However, this action is expected to significantly impact the cybercriminals’ operations and infrastructure, advance global efforts to help victims regain control of their infected computers and also help further investigations against those responsible for the threat.
The Zbot/Zeus threat has targeted the financial sector for quite some time. We documented the threat in detail in a special Security Intelligence Report whitepaper published in 2010.
This family of threats has resulted in millions of dollars of fraud, and it has taken cross-industry collaboration to take effective action against it. Microsoft has partnered with FS-ISAC, NACHA, Kyrus Tech, F-Secure and others to disrupt a large portion of the command and control infrastructure of various botnets using Zbot, SpyEye and Ice IX variants of the Zeus family of malware. More information about this operation can be found here: http://blogs.technet.com/b/microsoft_blog/archive/2012/03/25/microsoft-and-financial-services-industry-leaders-target-cybercriminal-operations-from-zeus-botnets.aspx
The Microsoft Malware Protection Center (MMPC) is proud to have supported this action, which represents the fourth operation of Project MARS - a component of Microsoft’s End-to-End Trust initiative. Project MARS is a joint effort between the Microsoft Digital Crimes Unit, MMPC, Microsoft Support and the Trustworthy Computing team to annihilate botnets and help make the Internet safer for everyone.
MMPC is committed to partnering across the industry to help disrupt threats to the Internet and our customers. We will have more to share on Project MARS and related operations as we move forward.
--Jeff Williams, Principal Group Program Manager