Microsoft identifies two Zeus botnet crime ring suspects

The pair, who are linked to a malware network that stole more than $100 million, are already in custody in the U.K.

Steven Musil Night Editor / News

Microsoft released the identities of two alleged members of the Zeus botnet crime ring, which used an estimated 13 million computers infected with the malware to steal more than $100 million.

The botnet operators used the software to show fake or modified Web sites when victims tried to use real banking sites, log their keystrokes to capture victims' identity information, and then use that information to steal money from victims' accounts.

The software giant announced today it had amended a complaint last week to add Yevhen Kulibaba and Yuriy Konovalenko as defendants. The pair is already serving time in the U.K. for other Zeus-related convictions, Microsoft said.

"Our best efforts to identify the remaining John Doe defendants turned up no response," Richard Domingues Boscovich, senior attorney with Microsoft's digital crimes unit, said in a company blog post. "We will continue our efforts to serve defendants Kulibaba and Konovalenko, and the John Doe defendants, with this amended complaint."

Boscovich also noted that since simultaneous raids in March, Zeus botnet infections had declined by about 50 percent. Microsoft and financial services organizations, with an escort of U.S. Marshals, seized command-and-control servers during raids in Scranton, Pa., and Lombard, Ill.

"These successful results represent a significant advancement for the people that Microsoft, the financial industry and law enforcement are all focused on protecting as customers and citizens," Boscovich said.

Over the past three years, Microsoft used court orders to seize command-and-control servers, which run networks of infected machines called botnets, to cripple the operations of the Waledac, Rustock, and Kelihos botnets.

The takedown of the Rustock botnet cut the volume of spam across the world by one-third, Symantec reported in March 2011. At its peak, the notorious botnet was responsible for sending out 44 billion spam messages per day, or more than 47 percent of the world's total output, making it the leading purveyor of spam.