According to a recently released study into the activities of the notorious ZeuS crimeware, researchers from Trusteer sampled malicious activity from random ZeuS botnets, to find out that the United States tops the C&C (command and control) hosting chart. Despite the clear U.S dominance, the main emphasis of the study is the slight increase in Eastern European hosting share compared to the U.S.
Our research shows that the US (39.8 per cent), Russia (21.6 per cent) and Ukraine (6.5 per cent) were the top three countries, with Eastern Europe accounting for 32.0 per cent of Zeus configs. That doesn't mean other countries are off the hook, as China, Malaysia, Iraq and Canada - along with Germany, the UK and the Netherlands in the EU territories - are also responsible for Web sites with hosted Zeus environments.
The analysis of sites IP accessible over the last 80 days makes for some interesting reading, as 29 per cent were found to be US Web sites, with Ukraine (17 per cent) and Russia (14 per cent) once again joining the US on the Zeus hall of shame podium.
The ZeuS tracker, a free service tracking and sharing ZeuS crimeware activity data, currently shows that Russia (73) is hosting more command and control servers than the United States (67). These minor fluctuations are pretty common, and speak for nothing else, but the dynamic nature of the hosting providers that cybercriminals use.
- Researchers peek inside a mini ZeuS botnet, find 60GB of stolen data
- RSA: Banking trojan uses social network as command and control server
- Report: ZeuS crimeware kit, malicious PDFs drive growth of cybercrime
What's the connection between the fact that the U.S. is clearly dominating the hosting infrastructure, and the actual infection rates on a per country basis?
Cybercriminals always go where the higher purchasing power is. In fact, some of the affiliate networks that share revenue with the cybercriminals for successfully infecting a host, on purposely do not accept infections from Eastern European countries, namely, despite the fact that the hosts are infected, cybercriminals would rarely pay them any special attention, compared to hosts located in countries known to have a higher purchasing power online.