Zeus botnets suffer mighty blow after ISP taken offline

One quarter of C&C channels vanish

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world's most nefarious cyber operations.

The massive drop is the result of actions taken by two Eastern European network providers. On Tuesday, they pulled the plug on their downstream customers, including an ISP known as Troyak, according to Mary Landesman, a senior researcher with ScanSafe, a web security firm recently acquired by Cisco Systems. That in turn severed the connections of servers used to control large numbers of computers infected by a do-it-yourself crime kit known as Zeus.

Landesman said she was able to confirm figures provided by Zeus Tracker that found the number of active control servers related to Zeus had dropped from 249 to 181. The takedown came on Tuesday around 10:22 am GMT and was heralded by a sudden drop-off in the number of malware attacks ScanSafe blocks from affected IP addresses.

The takedown is the result of two network service providers, Ukraine-based Ihome and Russia-based Oversun Mercury, severing their ties with Troyak, said Landesman, who cited data returned by Robtex.com. The move meant that all the ISP's customers, law-abiding or otherwise, were immediately unable to connect to the outside world.

"That's a pretty interesting development and I think a very positive one, because they're now putting the shared costs on the network service provider," Landesman told The Register. "There's not always a lot of impetus for these network service providers to take action, but as soon as you have such a severe repercussion where they're actually not able to serve any of their customers, legitimate or otherwise, they're now sharing in that cost."

The takedown comes a week after authorities in Spain and the United States clipped the wings of the Mariposa botnet. One of the world's biggest botnets, it controlled almost 13 million infected computers and infiltrated more than half of the Fortune 1000 companies. Late last month, Microsoft was able to disrupt the Waledac botnet by obtaining a court-issued order against scores of domains associated with the spam-spewing menace.

In November 2008, upstream providers terminated service to McColo, a San Jose, California-based ISP accused of providing service to a large percentage of the world's spammers, malware purveyors and child pornographers.

It still remains to be seen how significant a victory the latest takedown will be. In the two days leading up to it, Zeus-related malware attacks spiked to unprecedented levels, Landesman said, going from a little less than one per cent of the blocks ScanSafe performs on behalf of its customers to more than 10 per cent.

That has touched off speculation that the people running the botnets had advance notice that allowed them to build new botnets that would be unaffected by the action.

"It's certainly an odd coincidence," Landesman said. "I think it's an indication of possible forewarning and an attempt to get new bots out there." ®
