Zeus botnet dealt a blow as ISP Troyak knocked out
IDG News Service - Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.
Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.
The Troyak network was itself an upstream provider to six networks known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercrime, and this was probably one of the easiest ways to do it."
Troyak is based in Kostanay, Kazakhstan, according to whois records. The company could not be reached immediately for comment.
The Zeus Tracker administrator, who asked not to be named, said that at first he thought that there had been some type of technical error in the Zeus code. On further investigation, he discovered that Troyak had been taken offline, which in turn knocked the networks hosting the botnet servers off the Internet.
This kind of ISP takedown has worked in the past. Just over a year ago, McColo, in San Jose, California, was taken offline by its upstream service providers, resulting in a temporary, but dramatic, drop in spam as its botnet command-and-control servers on its network were disabled.
As with the McColo takedown, Troyak's upstream providers seem to have knocked it off the Internet, Cisco said in a statement. "The ISP was 'De-peered,'" Cisco said. "Troyak's upstream network providers effectively pulled the plug on Troyak's router, refusing to transmit its traffic."
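The mechanism Cisco describes is worth making concrete: an ISP's prefixes only reach the global routing table through the providers that agree to carry them, so when every upstream withdraws, the ISP and every single-homed network behind it vanish at once, and a tracker counting live command-and-control hosts by origin network sees the drop immediately. The following is an added example, not code from the article, Zeus Tracker or Cisco, that models that effect on a small constructed AS-level graph. All AS numbers, host names and the C&C list are made up for illustration; they are not Troyak's, Group 3's or any real network's data.

```python
"""De-peering model: treat an ISP takedown as the withdrawal of that AS's
provider links, then count which tracked C&C hosts lose global reachability.
Added example; every AS number and host below is constructed."""
from collections import defaultdict, deque

TRANSIT_AS = 1  # stands in for the well-connected "rest of the Internet"

# Constructed customer-to-provider links: asn -> list of ASes that carry its routes.
UPSTREAMS = {
    1:   [],          # global transit, the reachability target
    10:  [1],
    20:  [1],
    100: [10, 20],    # Troyak-like hoster, multi-homed to two providers
    101: [100],       # downstream networks that buy transit only from 100
    102: [100],
    103: [100],
    200: [10],        # unrelated hoster, single-homed to 10
}

# Constructed C&C list in the style of a tracker feed: (host, origin AS).
CNC_SERVERS = [
    ("c1.example", 101), ("c2.example", 101), ("c3.example", 102),
    ("c4.example", 103), ("c5.example", 200), ("c6.example", 200),
]


def ases_with_transit(upstreams, transit=TRANSIT_AS):
    """Return the set of ASes whose routes still reach the transit AS.

    Walks provider->customer edges outward from the transit AS, so an AS is
    reachable only if some chain of providers still carries its announcements.
    The BFS is cycle-safe, unlike a naive recursive walk up the provider links.
    """
    customers = defaultdict(list)
    for asn, providers in upstreams.items():
        for provider in providers:
            customers[provider].append(asn)
    reached = {transit}
    queue = deque([transit])
    while queue:
        provider = queue.popleft()
        for customer in customers[provider]:
            if customer not in reached:
                reached.add(customer)
                queue.append(customer)
    return reached


def depeer(upstreams, asn):
    """Model asn's providers refusing to transmit its traffic: drop every
    provider link of asn and return the new graph (the input is not modified)."""
    withdrawn = {k: list(v) for k, v in upstreams.items()}
    withdrawn[asn] = []
    return withdrawn


def offline_servers(servers, upstreams):
    """Hosts whose origin AS has no remaining path to transit, sorted by name."""
    reached = ases_with_transit(upstreams)
    return sorted(host for host, asn in servers if asn not in reached)


def takedown_report(servers, upstreams, asn):
    """Return (hosts newly knocked offline, share of the tracked list)
    after de-peering asn. Hosts already offline beforehand are not counted."""
    already_down = set(offline_servers(servers, upstreams))
    now_down = offline_servers(servers, depeer(upstreams, asn))
    newly_down = [h for h in now_down if h not in already_down]
    return newly_down, len(newly_down) / len(servers)


if __name__ == "__main__":
    for target in (100, 10):
        hosts, share = takedown_report(CNC_SERVERS, UPSTREAMS, target)
        print(f"de-peer AS{target}: {len(hosts)} of {len(CNC_SERVERS)} "
              f"C&C hosts offline ({share:.0%}): {hosts}")
```

De-peering AS 100 takes every host behind its three single-homed customers offline, which is the Troyak pattern in the article. De-peering only AS 10 does not touch AS 100, because it still has AS 20 as a provider; only the single-homed AS 200 disappears. That is the caveat for anyone planning such an action: a takedown through upstreams works only if every provider cooperates, otherwise the target simply keeps announcing through the one that did not.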
Zeus is actually a botnet-making kit that allows cybercriminals to create their own networks of infected computers, but it has been associated with a wave of financial fraud that has caused hundreds of millions in losses to U.S. financial institutions over the past year. Organized crime groups in Eastern Europe are thought to be behind this fraud.
Wednesday's takedown appears to have targeted one of the Zeus gangs, but it is remarkable in that whoever is responsible for the effort is asking not to be identified.
A security researcher who uses the pseudonym Jart Armin attributed Troyak and Group 3's disconnection to "good community action" and said that there was "more being done right now involving many, to ensure the [Zeus gang] have nowhere to go."
"Not every action is a corporate PR exercise," he said. "And we cannot get these guys by knocking off a bunch of domains via a court in Virginia," a reference to Microsoft's recent court-ordered takedown of the Waledac botnet.