The Fraud Blog with Tracy Kitten

Did Microsoft Spear Zeus?

Gauging the Success of Operation B71
Did Microsoft Spear Zeus?

Has Operation B71, a collaborative effort to take down Zeus-related botnets, had a major impact?

Supporters say "yes," citing reductions in spam and suspicious e-mail activity.

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

The initiative, announced March 25, is a collaborative effort among Microsoft Corp.'s Digital Crimes Unit, FS-ISAC, NACHA and security vendors Kyrus Tech Inc. and F-Secure. On March 23, Microsoft took the lead in seizing command-and-control servers linked to the botnets. The collaborative is pursuing civil actions against the cybercrime groups behind the botnets, some known only by aliases.

Industry sources suggest the botnets that Microsoft took down were part of a major cybercrime operation that used malicious software to allegedly steal $100 million from consumers over the last five years.

Bill Nelson, president and CEO of FS-ISAC, the Financial Services Information Sharing and Analysis Center, notes that a week after the March takedown, about 26 percent of the world's known Zeus command and control centers were in Microsoft's control.

In a statement, NACHA said: "One of the visible impacts of Operation B71 is the reduction in spam/phishing e-mails purported to be from NACHA or using NACHA's logo. Prior to the operation, nearly 11.5 million of these e-mails were being sent each week to unsuspecting users, and that number has dropped to about 1 million."

Plus, NACHA said phone calls from customers about socially engineered schemes alleging to be from NACHA dropped 20 percent.

But despite Operation B71, botnet attacks continue.

This week, Palo Alto Networks said it discovered a botnet operation named Jericho that was targeting banks. The company said it had detected more than 40 unique banking botnet samples.

So how successful will B71 really be over the long haul? Supporters are optimistic. Nelson and others argue that Microsoft's March 2011 takedown of the Rustock botnet helped contribute to a major reduction in spam. And they expect a similar impact from B71.

According to Symantec, which just issued its annual Internet Security Threat Report, spam e-mails dropped to 75 percent of all e-mail traffic in 2011 from 88 percent in 2010. That's a drop of about 20 billion spam e-mails.

"The fact that we've been able to get 20 billion spam messages out of the system ... is a sign that we're making improvements," Nelson says. "It's helping financial services and all of society."

At this point, it's probably too early to tell whether B71 will have a similar impact. But I'm optimistic. The collaboration between Microsoft and financial services is a win in and of itself. The more collaboration and information-sharing, the more progress we will make.

The big question now: Will the trend of taking down botnets and industry collaboration continue?

Let's hope so.

Losses in the ACH/wire fraud space, which are linked to corporate account takeover, dropped to $69 million in 2011 from $110 million in 2010. And some of that reduction may be attributed to botnet takedown efforts.

Banks and credit unions have improved their fraud-detection controls, which obviously have played a role. But the reduction in phishy e-mails likely has had an impact as well.

The more we all collaborate, communicate and share, the better.



About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.