Zeus botnet shaken by ISP cutoffs

Summary: The repeated disconnection of an ISP linked to Zeus command-and-control servers has had some effect on the botnet's ability to spread banking Trojans

TOPICS: Security
Zeus, the world's largest botnet, has had its traffic disrupted by repeated disconnections of a Kazakhstani ISP, but a series of reconnections has revived its banking Trojan activity, according to security researchers.

The botnet mainly pushes out the Zeus banking Trojan, an information-stealing keylogger which relays sensitive data back to its controllers. The Kazakhstani ISP, AS Troyak, provides network connectivity to six other ISPs that host Zeus botnet command-and-control servers. On Wednesday, the upstream connectivity to AS Troyak was cut by unidentified agents.

This disconnection resulted in the shutdown of 25 percent of the Zeus botnet, said security company ScanSafe, which is part of Cisco.

"Cisco is pleased to see that this network has been crippled," said the company in a Wednesday statement. "Even though the thousands of victims of these gangs are still infected with Zeus, the malware running on their PCs is unable to communicate with its controller and no new data can be stolen from them."

Active Zeus domains dropped from 249 on Monday to 149 on Wednesday, according to Zeus Tracker, a Swiss security research site. However, on Thursday the number of active domains bounced back to 194.

Mikko Hypponen, director of antivirus research for security company F-Secure, said that AS Troyak had been disconnected and reconnected several times on Thursday. "Troyak's upstream provider has changed several times today," he said, calling the actions "very unusual."

Hypponen provided more detail on the Wednesday disconnections, noting that two upstream ISPs had stopped routing traffic to AS Troyak, probably because of a legal order from local law enforcement.

Tom Espiner
