Report: Zeus Flips Kill Switch On More Than 100,000 PCs

Botnet reportedly triggered a little-used capability called "Kill OS," rendering a blue screen on 100,000-plus PCs and making them difficult to reboot

Dark Reading Staff, Dark Reading

May 12, 2009

1 Min Read
Dark Reading logo in a gray background | Dark Reading

According to a report in Friday's Washington Post, the Zeus control server was witnessed issuing the kill command -- sometimes called the "nuclear option" -- effectively self-destructing the botnet and the PCs that helped create it. Despite the blue screen, the PCs' hard drives were not irrepairable, according to reports.

Experts agreed that many botnets have the ability to execute such a command, but they very seldom do because most live by the data and processing resources they get from their component zombie machines. Although botnets have been used to launch denial-of-service (DOS) attacks on servers or networks, there is little record of them being used to launch this sort of "blue screen" attack against their constituents.

It's possible that the botnet was attacked by a rival group, or that its operators wanted to shut down the network quickly and temporarily, experts say. Some experts even speculate that the kill command may have been triggered by mistake.

The Zeus network was hit with a number of DOS attacks following the triggering of the kill switch, and the botnet is now effectively inoperative, according to reports.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights