Short Lived Victory over Zeus Botnet

On Wednesday, one quarter of the command and control servers for the Zeus Botnet were taken off-line. According to an article on The Register,  on Tuesday two Eastern European network providers shut off their downstream customers, including an ISP known as Troyak. The severing of this connection caused the command and control servers for the Zeus Botnet to drop from 249 to 181.

“The takedown is the result of two network service providers, Ukraine-based Ihome and Russia-based Oversun Mercury, severing their ties with Troyak, said Landesman, who cited data returned by Robotex.com. The move meant that all the ISP’s customers, law-abiding or otherwise, were immediately unable to connect to the outside world.”

It appears to be a short-lived victory though as an article today on The Register states that one-third of the affected command & control botnet servers have already reconnected:

The problem is that as soon the C&Cs are reachable from the internet again, the cybercriminals can regain the control of their botnet and can safely move the stolen data away from those AS’s to a safer place or to a backup server,” a researcher connected to the Zeus Tracker service told The Register. “Very bad.”

This takedown happened one week after Spanish authorities shutdown the Mariposa Botnet and a month after Microsoft shutdown several Waledac Botnet servers. These shutdowns are making a difference, but the cyber criminals are finding ways to get back up and running in a relatively short period of time.

~ by D. Dieterle on March 12, 2010.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: