After takedown, botnet-linked ISP Troyak resurfaces
IDG News Service - Last week, FBI Director Robert Mueller called the fight against hackers "the cyber equivalent of cat-and-mouse." On Wednesday, security experts trying to take down the Zeus botnet got a taste of what he meant.
Just hours after Internet service providers severed network connectivity to Troyak, an ISP associated with the Zeus botnet, the ISP has regained connectivity after peering with a new upstream Internet service provider.
"Don't worry, it is up and running again," Troyak spokesman Roman Starchenko said in an e-mail to IDG News Service. "We fixed our weakness and now it will become concrete stable."
He blamed the outage on an administrative error.
Security researchers confirmed Wednesday that Troyak was back online, after peering with an Internet service provider named Ya.
That means the 68 Zeus botnet command-and-control servers associated with Troyak can reconnect to hacked systems and issue new instructions. Disputing Starchenko's explanation, security experts say they had stopped that from happening by getting Troyak's upstream providers to stop peering with it, essentially isolating it from the rest of the Internet.
The person or group who knocked Troyak offline has asked to remain anonymous, according to several researchers familiar with the situation.
Zeus is a botnet kit used by a large number of cybercriminals. Researchers have counted 249 Zeus command-and-control servers to date. Another Internet service provider named Group 3 was also knocked offline Wednesday. It has not been reconnected, however.
The next step will be to "de-peer" Troyak from its new service provider, either an ISP named Nassist or its upstream provider, Hurricane Electric, said a researcher familiar with the matter who spoke via instant message on condition of anonymity.
The back and forth is reminiscent of the November 2008 takedown of San Jose, California, ISP McColo. When McColo went offline, a large percentage of the world's spam disappeared with it, but criminals were able to slowly regain control of their botnet networks, and spam levels returned.
That may well be what happens with Troyak, although some hope that won't be the case.
"We have taken some of their territory, they are trying to out flank us," the researcher said via IM. "We are going to win this one -- we have 'em boxed in."
- IDG Research Survey: Are you Paying Too Much for Your NMS? Feel like you're paying too much for network monitoring? You're not alone. This survey brief summarizes findings from research recently fielded by IDG...
- Using Packet Analysis for Quality of Experience Monitoring In this whitepaper, we will discuss what Packet Analysis is, some of the useful information it can provide, and how this info can...
- The business impact of BYOA: Five major challenges and how your enterprise can solve them This E-Book reviews five major challenges of BYOA with key subject matter experts and outlines how businesses can solve them.
- The BYOA Opportunity Visual demonstration of problems that unmonitored, employee-introduced cloud apps can cause a business, and why IT managers need a solution to help and...
- Live Webcast Master the Changing SAP Landscape with Performance Management SAP landscapes are not getting simpler. Gradually, business processes that used to be contained on a single SAP system now involve a range...
- Tips to Simplify Database Administration and Development Make your job easier while getting the most from the leading productivity tool for database professionals. Learn tips from Dell Software's Oracle® ACE,...
- Data Breaches - Don't Be a Headline Whether it's a HIPAA/HITECH, Sarbanes Oxley, Gramm-Leach-Bliley violation, or a State breach notification law, a data breach can have substantial legal and financial... All Applications White Papers | Webcasts