BALTIMORE — Microsoft and the banking industry Monday provided a detailed account of an operation they said disrupted a major cybercrime operation that used malicious software to steal $100 million from consumers over the last five years.
A senior attorney from Microsoft's digital crimes unit, Richard Boscovich, said the companies used a creative legal strategy as part of a lawsuit that targeted a network of computers suffering from an infection known as “Zeus.” The computers were under the remote control of a group that stole personal information, financial credentials and money.
The Zeus network has not been eliminated, Boscovich said, but the action has made it much more difficult and expensive for the criminals to operate.
“This was an initial volley,” said Boscovich, who said Microsoft and other companies will continue to target the Zeus network.
A federal judge approved a warrant authorizing the raid in March against computer servers at hosting centers in Illinois and Pennsylvania. Attorneys for Microsoft, the Electronic Payments Association and the Financial Services Information Sharing and Analysis Center had filed a lawsuit claiming the Zeus network had infected 13 million computers since 2007. Boscovich said he believes the people behind the botnets are in Eastern Europe. U.S. marshals accompanied Microsoft employees on the sweep, he said.
The Zeus network sent spam email with corporate trademarks and a message that directed victims to download an attached file or open an attached link.