After weeklong fight, rogue ISP Troyak struggles for life
IDG News Service - After an international take-down effort, a rogue ISP responsible for controlling large numbers of computers infected with data-stealing code is down for the moment, but it may be reconnecting with the Internet, according to security researchers.
Troyak, which is believed to be based in eastern Europe, was knocked offline earlier this month after other networks supplying its connectivity to the Internet stopped carrying its traffic due to complaints it was complicit in cybercrime.
Since then the network has fought a cat-and-mouse game with network providers in 12 countries and international law enforcement, according to Jart Armin, the pseudonymous editor of the Hostexploit.com Web site, which has been involved in the action.
"Troyak is still fighting hard, as it is the only link to the outside Internet for a few [criminal groups]," he said in an e-mail interview.
Troyak and another ISP, Group 3, provided connectivity for 90 of 249 servers used to control Zeus, a sophisticated piece of malware that steals financial credentials and other data. Group 3 has also been disconnected.
At this point, Troyak's reputation is so sullied that it is becoming difficult for it to find other ISPs to carry its traffic on the Internet.
That's an important point, because for Troyak to resume operations, it must find another company or organization that it can peer with in order to be reconnected to the Internet. Currently, even with Troyak offline, there are still 180 Zeus command-and control servers online, Armin said. Most of these are located in Russia and Ukraine, however, making it easier for security researchers and law enforcement to stay on top of the problem.
"They're being pushed back into their own territory," Armin said.
On Sunday night, Troyak operators apparently hacked into servers in Latvia to get connectivity via an academic network in the country. But that effort was shut down with the help of Latvian law enforcement, Armin said.
But that action appeared to be temporary, and as of Wednesday, Troyak was dead.
"Troyak seems to be down," said an administrator for Zeus Tracker. "And I believe that it won't come up again. Every ISP knows that Troyak is bad and won't peer/route their badness."
But there are signs its operators are making efforts to be reconnected. Computer security experts such as Joze Nazario of Arbor Networks are watching real-time routing tables, which show how Internet traffic is exchanged between ISPs and networks.
An entity called SAINTVPN is now carrying some of the traffic that used to be on Troyak, Nazario said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Government Agency Webifies Outdated COBOL Applications Let this CTO tell you how his agency converted 1980s-era green screens into an e-filing portal for the 100,000 cases handled each year...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the... All Applications White Papers | Webcasts