Zeus botnet shaken by ISP cutoffs

Summary: The repeated disconnection of an ISP linked to Zeus command-and-control servers has had some effect on the botnet's ability to spread banking Trojans.

The world's largest botnet, Zeus, has had its traffic disrupted by repeated disconnections of a Kazakhstani ISP, but a series of reconnections has revived its banking Trojan activity, according to security researchers.

The botnet mainly pushes out the Zeus banking Trojan, an information-stealing keylogger which relays sensitive data back to its controllers. The Kazakhstani ISP, AS Troyak, provides network connectivity to six other ISPs that host Zeus botnet command-and-control servers. On Wednesday, the upstream connectivity to AS Troyak was cut by unidentified agents.

This disconnection resulted in the shutdown of 25 percent of the Zeus botnet, said security company ScanSafe, which is part of Cisco.

"Cisco is pleased to see that this network has been crippled," said the company in a Wednesday statement. "Even though the thousands of victims of these gangs are still infected with Zeus, the malware running on their PCs is unable to communicate with its controller and no new data can be stolen from them."

Active Zeus domains dropped from 249 on Monday to 149 on Wednesday, according to the Zeus Tracker site, a Swiss security research site. However, on Thursday, the number of active domains bounced back again to 194.

Mikko Hypponen, director of antivirus research for security company F-Secure, said that AS Troyak had been disconnected and reconnected several times on Thursday. "Troyak's upstream provider has changed several times today," he said, calling the actions "very unusual."

Hypponen provided more detail on the Wednesday disconnections, noting that two upstream ISPs had stopped routing traffic to AS Troyak, probably due to a local law enforcement legal order.

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
