Microsoft names two defendants in Zeus botnet case

Both are from Ukraine and are doing time in U.K. prison on other botnet charges

Microsoft has put faces and names to two of 39 "John Doe" defendants accused of running Zeus botnets responsible for scamming hundreds of millions of dollars from banks internationally.

The pair were part of the Zeus Racketeering Enterprise described earlier this year in court papers charging the group of anonymous defendants and whose command and control servers were taken down by Microsoft.

The two defendants are already serving time in U.K. prison after admitting last fall of similar crimes there.

BACKGROUND: Microsoft downs Zeus botnet but can't ID who's behind it

MORE: Microsoft leads seizure of Zeus-related cybercrime server

In Microsoft's official blog, Richard Domingues Boscovich, a senior attorney in the Microsoft Digital Crimes Unit, says the company is referring the case to the FBI to see whether it wants to file criminal charges. That includes turning over all the evidence Microsoft has gathered for the two named defendants as well as others not named, Boscovich writes.

The two accused are Yevhen Kulibaba and Yuriy Konovalenko, both Ukrainian nationals and both of whom pleaded guilty to conspiracy to defraud and were sentenced to four and a half years in prison.

In the U.S. case, Microsoft filed a civil suit against 39 defendants it could identify by screen names and IP addresses but not names. Meantime, the company has somehow linked Kulibaba and Konovalenko to two of the John Doe descriptions.

The U.S. case is related to a much publicized seizure of command and control servers in Scranton, Pa., and Lombard, Ill., that were determined by a court to be part of a botnet that was scamming money out of financial institutions and stealing identities.

In his blog, Boscovich notes that since the March takedown of the servers, observed worldwide IP address infections attributable to Zeus has dropped from 779,816 to 336,393, based on sampling done during six-day periods in March and June of this year. The servers were seized March 23.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies