Microsoft has identified two of the 39 defendants in an ongoing legal assault on botnet activity.
In an amended complaint filed last week in federal court, Microsoft identified Yevhen Kulibaba and Yuriy Konovalenko as part of its war effort against botnets using the Zeus family of malware. Both Kulibaba and Konovalenko were charged in the U.K. two years ago with being involved with a gang that stole more than $30 million from banks around the world between October 2009 and September 2010. Both men are currently incarcerated.
“We are pleased to announce that we have identified and named two defendants as members behind the Zeus botnet family, and that we will also be referring the case to the FBI for criminal review, turning over all of the evidence gathered so far, including evidence of a broader group of perpetrators beyond the named defendants,” blogged Richard Boscovich, a senior attorney with the Microsoft Digital Crimes Unit.
“Our hope is that the evidence we provided to the FBI in this case will lead to a criminal investigation that brings the perpetrators to justice,” he added.
Back in March, Microsoft announced that a joint effort with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association had successfully disrupted Zeus operations by seizing the command and control servers running some of the worst Zeus botnets. As a result of the operation, Microsoft began monitoring 800 domains associated with the command and control structure.
According to Microsoft, the number of Zeus infections observed from March 25-31 as determined by IP address was 779,816, but that number dropped to 336,393 between June 17 and June 23.
“As I’ve written previously, the goal of this operation was not to entirely take out all of the botnets running on Zeus-based malware,” Boscovich blogged. “Microsoft and our financial industry partners sought to help protect innocent people by disrupting the Zeus business model and increasing the cost of doing business for cybercriminals. I’m happy to report that we are already seeing proof that our disruptive actions were successful in achieving this goal. We mitigated the threat and caused long-term damage to the cybercriminal organization that relies on these botnets for illicit gain.”
