Microsoft Uses RICO Laws To Take Down Zeus Command Servers

The next time representatives from Microsoft come knocking on your door, it may be to seize your servers, and it is all legal, thanks to the civil provisions of the RICO (Racketeer Influenced and Corrupt Organizations) Act. The seizure is part of the company's digital crimes effort to disrupt botnet operators rather than merely clean up infected machines. On Friday, Microsoft staff, accompanied by U.S. Marshals, entered two hosting providers, one in Illinois and one in Scranton, Penn., and seized the command-and-control servers of two Zeus botnets. Microsoft had sued the operators on the grounds that the botnets violated its copyrights and trademarks by taking control of large numbers of Windows PCs.

The software giant is working with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA, the Electronic Payments Association, as well as with the vulnerability research firm Kyrus Tech. Kyrus reverse engineered seventy different binaries associated with Zeus activity and, according to its blog entry today, found the following capabilities:

  • HTTP and VNC-like servers, giving the operator a web interface and remote desktop access to the infected machine.
  • Remote process injection. Uses WriteProcessMemory to write executable code into another process. This API is normally used by debuggers or by malware; since the binary has no debugger functionality, Kyrus assumes its inclusion is malicious.
  • Screenshot capability. The malware captures screenshots and sends them back to the server, letting the attacker see exactly what is showing on the victim's screen.
  • Keyboard logging. The malware records keystrokes and sends them to the attacker's server, harvesting passwords as the victim types them.
  • Browser logging and HTTP injection. Hooks nspr4.dll, Firefox's Netscape Portable Runtime library, to log and inject HTTP and HTTPS data. Because the hook sits inside the browser before encryption and after decryption, TLS does not protect the traffic from it.
  • Windows mail download. Lets the attacker read the victim's email if the user uses Windows Mail or Outlook Express.

Once it has installed itself, the dropper covers its tracks by running a batch file that deletes the original executable.
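The reasoning Kyrus applies above, that an API such as WriteProcessMemory is explained by a debugger but not by anything else, can be turned into a simple triage rule. The following is an added example, not Kyrus's or Microsoft's tooling: it scores a sample's imported Win32 APIs against API groups for each capability on the list and downgrades the injection finding when debug-loop APIs are also present. It assumes the import table has already been extracted (for example with pefile or `dumpbin /imports`) into a `{dll: {api, ...}}` mapping; the three samples at the bottom are constructed, not real Zeus import tables.

```python
# Import-based capability triage (added example, not the page's own code).
# Input: {dll_name: {api_name, ...}} as extracted from a PE's import table.

# Each capability lists alternative API sets. A capability fires only when
# every API of at least one set is imported, so a lone GetDC, which any GUI
# program imports, does not flag screenshotting on its own.
CAPABILITIES = {
    "remote_process_injection": [
        {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
        {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "NtCreateThreadEx"},
    ],
    "screenshot": [
        {"GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt"},
        {"GetWindowDC", "CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt"},
    ],
    "keylogging": [
        {"SetWindowsHookExA"},
        {"SetWindowsHookExW"},
        {"GetAsyncKeyState", "GetKeyboardState"},
    ],
}

# WriteProcessMemory is also how a debugger plants breakpoints. If the debug
# event loop is imported as well, the injection finding is downgraded, which
# is the Kyrus argument in reverse: no debugger functionality, so the
# capability is assumed malicious.
DEBUGGER_APIS = {"DebugActiveProcess", "WaitForDebugEvent", "ContinueDebugEvent"}


def flatten(imports):
    """Merge {dll: {api, ...}} into one set; the module name is not needed."""
    apis = set()
    for names in imports.values():
        apis.update(names)
    return apis


def triage(imports):
    """Return {capability: verdict} for each capability whose APIs are present.

    Injection is reported as "suspicious" or "expected (debugger)";
    the other capabilities are reported as "present".
    """
    apis = flatten(imports)
    findings = {}
    for cap, alternatives in CAPABILITIES.items():
        if any(alt <= apis for alt in alternatives):
            findings[cap] = "present"
    if "remote_process_injection" in findings:
        if apis & DEBUGGER_APIS:
            findings["remote_process_injection"] = "expected (debugger)"
        else:
            findings["remote_process_injection"] = "suspicious"
    return findings


def score(imports):
    """Number of capabilities not explained by a legitimate use."""
    return sum(1 for v in triage(imports).values() if v != "expected (debugger)")


# Constructed samples. Zeus resolves most of its APIs at run time, so in
# practice this is run on an unpacked, memory-dumped sample whose import
# table has been rebuilt, not on the packed dropper.
ZEUS_LIKE = {
    "kernel32.dll": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                     "CreateRemoteThread"},
    "user32.dll": {"GetDC", "SetWindowsHookExA"},
    "gdi32.dll": {"CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt"},
}
DEBUGGER = {
    "kernel32.dll": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                     "CreateRemoteThread", "DebugActiveProcess",
                     "WaitForDebugEvent", "ContinueDebugEvent"},
}
GUI_APP = {
    "user32.dll": {"GetDC", "MessageBoxA"},
    "gdi32.dll": {"BitBlt"},
}

if __name__ == "__main__":
    for name, imp in (("zeus_like", ZEUS_LIKE), ("debugger", DEBUGGER), ("gui_app", GUI_APP)):
        print(name, score(imp), triage(imp))
```

The API groups are deliberately conservative: they are meant to prioritise samples for a human analyst, not to convict a binary, and a sample that resolves its APIs through GetProcAddress will show none of them until it has been unpacked.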



Zeus is a highly pernicious and very active piece of malware that has infected millions of computers around the world. What makes it nastier is that its source code is freely available online, and turnkey kits can be bought from several sources as well. This is Microsoft's fourth botnet takedown and its first against Zeus, a sign that civil litigation against malware operators is becoming more commonplace.

Nevertheless, this is a small step forward towards fighting cybercriminals. As the Kyrus blog states, “Fighting the discrete activities launched from such a platform is like shooting down a plane launched from an aircraft carrier: they’re just going to send more planes. If you want to have an impact you need to negatively impact the carrier.”

But it may not be enough. "Ultimately, the most important thing will be to bring those who write the malware, sell the malware, buy the malware, or profit from its use to justice. Taking over web servers is one thing, but unless the people behind the Zeus and other malware operations are brought to book, the crime is just going to continue," says Graham Cluley, writing today in the Sophos Naked Security blog.
