By Dan Goodin in San Francisco
10th March 2010
At least a quarter of the command and control servers linked to
Zeus-related botnets have suddenly gone quiet, continuing a recent trend
of takedowns hitting some of the world's most nefarious cyber
The massive drop is the result of actions taken by two Eastern European
network providers. On Tuesday, they pulled the plug on their downstream
customers, including an ISP known as Troyak, according to Mary Landesman,
a senior researcher with ScanSafe, a web security firm recently acquired
by Cisco Systems. That in turn severed the connections of servers used
to control large numbers of computers infected by a do-it-yourself crime
kit known as Zeus.
Landesman said she was able to confirm figures provided by Zeus Tracker
that found the number of active control servers related to Zeus had
dropped from 249 to 181. The takedown came on Tuesday around 10:22 am
GMT and was heralded by a sudden drop-off in the number of malware
attacks ScanSafe blocks from affected IP addresses.
The takedown is the result of two network service providers,
Ukraine-based Ihome and Russia-based Oversun Mercury, severing their
ties with Troyak, said Landesman, who cited data returned by
Robotex.com. The move meant that all the ISP's customers, law-abiding or
otherwise, were immediately unable to connect to the outside world.