Microsoft identifies two Zeus botnet crime ring suspects
Microsoft released the identities of two alleged members of the Zeus botnet crime ring, which used an estimated 13 million computers infected with the malware to steal more than US$100 million.
The botnet operators used the software to show fake or modified websites when victims tried to use real banking sites, log their keystrokes to capture victims' identity information and then use that information to steal money from victims' accounts.
The software giant announced today that it had amended a complaint last week to add Yevhen Kulibaba and Yuriy Konovalenko as defendants. The pair is already serving time in the UK for other Zeus-related convictions, Microsoft said.
"Our best efforts to identify the remaining John Doe defendants turned up no response," Richard Domingues Boscovich, senior lawyer with Microsoft's digital crimes unit, said in a company blog post. "We will continue our efforts to serve defendants Kulibaba and Konovalenko, and the John Doe defendants, with this amended complaint."
Boscovich also noted that since simultaneous raids in March, Zeus botnet infections have declined by about 50 per cent. Microsoft and financial services organisations, with an escort of US marshals, seized command-and-control servers during raids in Scranton, Pennsylvania and Lombard, Illinois.
"These successful results represent a significant advancement for the people that Microsoft, the financial industry and law enforcement are all focused on protecting as customers and citizens," Boscovich said.
Over the past three years, Microsoft used court orders to seize command-and-control servers, which run networks of infected machines called botnets, to cripple the operations of the Waledac, Rustock and Kelihos botnets.
The takedown of the Rustock botnet cut the volume of spam across the world by one third, Symantec reported in March 2011. At its peak, the notorious botnet was responsible for sending out 44 billion spam messages per day, or more than 47 per cent of the world's total output, making it the leading purveyor of spam.