Feeds

'Bulletproof' ISP for crimeware gangs knocked offline

Zeus-friendly PROXIEZ goes MIA

Internet Security Threat Report 2014

One of the internet's most resilient and crimeware-friendly networks was knocked offline Friday after the plug was pulled on its upstream service provider, security watchers said.

Russia-based PROXIEZ-NET lost its connection to the internet at about 3 am California time, according to Zeus Tracker, a website that monitors the status of internet service providers used to control PCs infected by the notorious Zeus crimeware package. Before it was disconnected, the "bulletproof" provider hosted 13 known Zeus command and control channels, making it the most Zeus-friendly ISP, Zeus Tracker statistics show.

Zeus Tracker leaders don't yet know the reason for the outage, but one of them pointed out to The Register that PROXIEZ-NET's upstream provider, DIGERNET, has also had its internet connection severed. Classless Inter-Domain Routing records show it being unceremoniously withdrawn from internet routing tables, leaving its downstream node unable to communicate.

PROXIEZ-NET has been widely accused as being a haven for purveyors of crimeware. On Tuesday, the network was added to the real-time block list maintained by Spamhaus. On Thursday night, DIGERNET was removed from the same list.

It remains to be seen how big a disruption the disconnection will have on Zeus crime gangs, which have come to regard such outages as a cost of doing business. In March, the takedown of 100 servers used to operate Zeus-related botnets turned out to be a short-lived victory for white hats. Within a couple days, their ISP was able to find a new upstream provider, allowing many stranded Zeus botnets to find their way home again.

Indeed, at time of writing, vitamelatonin.biz and a handful of other dodgy looking domains continued to map to IP addresses in PROXIEZ-NET's netblock, DIG lookup searches showed. The domains may die out over time, but a Zeus Tracker leader also held out the possibility that redundancies built into Zeus botnets would allow them to connect over alternate channels.

The disruption is nonetheless a black eye for PROXIEZ-NET, which has billed itself as a bulletproof provider that is immune from service glitches and law enforcement-driven takedowns. Representatives from the ISP didn't respond to an email seeking comment for this article. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.