On Wednesday, one quarter of the command and control servers for the Zeus Botnet were taken offline. According to an article on The Register, on Tuesday two Eastern European network providers shut off their downstream customers, including an ISP known as Troyak. The severing of this connection caused the number of command and control servers for the Zeus Botnet to drop from 249 to 181.
“The takedown is the result of two network service providers, Ukraine-based Ihome and Russia-based Oversun Mercury, severing their ties with Troyak, said Landesman, who cited data returned by Robotex.com. The move meant that all the ISP’s customers, law-abiding or otherwise, were immediately unable to connect to the outside world.”
It appears to be a short-lived victory, though, as an article today on The Register states that one-third of the affected command & control botnet servers have already reconnected:
“The problem is that as soon as the C&Cs are reachable from the internet again, the cybercriminals can regain the control of their botnet and can safely move the stolen data away from those AS’s to a safer place or to a backup server,” a researcher connected to the Zeus Tracker service told The Register. “Very bad.”
This takedown happened one week after Spanish authorities shut down the Mariposa Botnet and a month after Microsoft shut down several Waledac Botnet servers. These shutdowns are making a difference, but the cybercriminals are finding ways to get back up and running in a relatively short period of time.