Cyber investigators from Microsoft, joined by a team of United States marshals, raided offices in Pennsylvania and Illinois Friday to disrupt a global network of more than 13 million infected computers that they said helped cyber criminals steal $100 million in the past five years.
The coordinated seizure of computer servers at two hosting centers in Scranton, Pa., and Lombard, Ill., was "our most complex effort to disrupt botnets to date," Richard Boscovich, a senior attorney at Microsoft's Digital Crimes Unit, said in a blog post.
Botnets are global networks of infected computers that allow cyber criminals to steal consumer financial data. They grow in size as computer users accidentally click on a malicious link or file, and their PCs begin performing automated tasks that help cyber criminals commit identity theft.
Microsoft, whose aim is to secure its Windows operating system that still dominates the market, alleges that botnets infected with the so-called Zeus malware can record users' computer keystrokes to steal usernames and passwords linked to online bank accounts. In addition to stealing more than $100 million, the botnet operators have sold hundreds of versions of Zeus -- with various levels of sophistication -- for between $700 and $15,000, Microsoft said.
On March 19, Microsoft filed suit in federal court in Brooklyn against 39 unnamed defendants. The suit asked a judge for permission to raid the offices in Illinois and Pennsylvania, and shut down the command servers of the botnets. Financial Services Information Sharing and Analysis Center and the National Automated Clearing House Association were also on the complaint with Microsoft.
Boscovich said this was Microsoft's fourth raid, all of which have gathered "valuable evidence and intelligence" to help rescue computers from botnets and identify the cybercriminals behind them. Operators of the hosting centers that were raided told the New York Times they were unaware the equipment inside their facilities was being used for a botnet.
Boscovich called the raid "a strategic disruption of operations" meant to cause "long-term damage to the cyber criminal organization that relies on these botnets for illicit gain."
"We don't expect this action to have wiped out every Zeus botnet operating in the world," Boscovich said. "However, together, we have proactively disrupted some of the most harmful botnets, and we expect this effort will significantly impact the cybercriminal underground for quite some time."
Microsoft's raids are part of a growing effort in the public and private sector to disrupt botnets. On Thursday, the Federal Communications Commission announced commitments from most of the nation's Internet service providers to adhere to a voluntary "code of conduct" to fight networks of infected PCs. The companies pledged to detect whether customers' computers have become robots -- or "bots" -- and notify and help customers whose computers are infected.
The Zeus botnet spread largely through misleading spam messages that used a variety of methods to trick users into clicking malicious links. Some fake messages asked users to accept invitations from Facebook friends, accept tax refunds from the Internal Revenue Service, or download a Microsoft “Critical Security Update." Once users clicked on the fake links or files, their computers became infected.
Microsoft said consumers can take several measures to protect themselves, such as keeping their software up-to-date, running anti-virus and anti-malware protection programs, and avoiding clicking on unfamiliar links or email attachments.
Consumers whose computers become part of botnets may notice their machines being unusually slow or crashing frequently, according to the Microsoft Safety and Security Center.
If users realize their computers are infected, they often lack the technical resources to fix the problem. Cleaning an infected computer "can be exceedingly difficult, time-consuming and frustrating," according to Microsoft's complaint.