Zeus botnet ‘nuked’ 100,000 Windows PCs

Criminal controllers of a Zeus botnet server flicked a 'nuclear' switch that 'destroyed' the operating system of 100,000 affected computers, a researcher has claimed.

According to the Washington Post and his own security blog, Swiss IT expert Roman Hüssy witnessed the Zeus Command & Control (C&C) server send out KOS (Kill Operating System) commands, which incapacitate the OS and prevent it from loading.

The C&C botnet server hosted five different Zeus installations that controlled more than 100,000 computers that were located mainly in Poland and Spain.

Security expert Jozsef Gegeny said on the S21sec blog that banking trojans such as Zeus usually had this functionality, and that when Zeus' nuclear method was tested it resulted in the "blue screen of death".

He questioned why an attacker would want to take a victim's computer offline, and suggested that it was because phishers might want to gain more time.

He said: "Taking the victim away from internet connection before the unwanted money transfer is realised and further actions could be taken."

Bruce Schneier, chief security technology officer for BT, said on his blog that he believed it could be a sign that "botnet wars" were heating up.

He said: "Botnet designers would rather destroy their networks than have them fall into 'enemy' hands."