Zeus botnet dealt a blow as ISP Troyak knocked out
IDG News Service - Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.
Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.
The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercirme, and this was probably one of the easiest ways to do it."
Troyak is based in Kostanay, Kazakhstan, according to whois records. The company could not be reached immediately for comment.
The Zeus Tracker administrator, who asked not to be named, said that at first he thought that there had been some type of technical error in the Zeus code. On further investigation, he discovered that Troyak had been taken offline, which in turn knocked the networks hosting the botnet servers off the Internet.
This kind of ISP takedown has worked in the past. Just over a year ago, McColo, in San Jose, California, was taken offline by its upstream service providers, resulting in a temporary, but dramatic, drop in spam as its botnet command-and-control servers on its network were disabled.
As with the McColo takedown, Troyak's upstream providers seem to have knocked it off the Internet, Cisco said in a statement. "The ISP was 'De-peered,'" Cisco said. "Troyak's upstream network providers effectively pulled the plug on Troyak's router, refusing to transmit its traffic."
Zeus is actually a botnet-making kit that allows cybercriminals to create their own networks of infected computers, but it has been associated with a wave of financial fraud that has caused hundreds of millions in losses to U.S. financial institutions over the past year. Organized crime groups in Eastern Europe are thought to be behind this fraud.
Wednesday's takedown appears to have targeted one of the Zeus gangs, but it is remarkable in that whomever is responsible for the effort is asking not to be identified.
A security researcher who uses the pseudonym Jart Armin attributed Troyak and Group 3's disconnection to "good community action" and said that there was "more being done right now involving many, to ensure the [Zeus gang] have nowhere to go."
"Not every action is a corporate PR exercise," he said. "And we cannot get these guys by knocking off a bunch of domains via a court in Virginia," a reference to Microsoft's recent court-ordered takedown of the Waledac botnet.
This state transportation department uses computer science students from a local university as programming interns, and everyone is happy with the arrangement -- until one intern learns how to bring down the mainframe.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Why Projects Fail
- CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings
- This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools
- The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution
- In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence... All Government IT White Papers
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the...
- Endpoint Data Management: Protecting the Perimeter of the Internet of Things Not surprisingly, "Internet of Things" (IoT) and Big Data present new challenges AND opportunities for enterprise IT. Teams need to harness, secure and...
- How to Protect Enterprise Data Yet Enable Secure Access for End Users Learn how BYOD, Big Data and the use of rogue applications and devices is putting corporate data at risk, best practices from IT...
- All Government IT Webcasts