Zeus botnets suffer mighty blow after ISP taken offline

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2010/03/10/massive_zeus_takedown/

By Dan Goodin in San Francisco
The Register
10th March 2010

At least a quarter of the command and control servers linked to 
Zeus-related botnets have suddenly gone quiet, continuing a recent trend 
of takedowns hitting some of the world's most nefarious cyber 
operations.

The massive drop is the result of actions taken by two Eastern European 
network providers. On Tuesday, they pulled the plug on their downstream 
customers, including an ISP known a Troyak, according to Mary Landesman, 
a senior researcher with ScanSafe, a web security firm recently acquired 
by Cisco Systems. That in turn severed the connections of servers used 
to control large numbers of computers infected by a do-it-yourself crime 
kit known as Zeus.

Landesman said she was able to confirm figures provided by Zeus Tracker 
that found the number of active control servers related to Zeus had 
dropped from 249 to 181. The takedown came on Tuesday around 10:22 am 
GMT and was heralded by a sudden drop off in the number of malware 
attacks ScanSafe blocks from affected IP addresses.

The takedown is the result of two network service providers, 
Ukraine-based Ihome and Russia-based Oversun Mercury, severing their 
ties with Troyak, said Landesman, who cited data returned by 
Robotex.com. The move meant that all the ISP's customers, law-abiding or 
otherwise, were immediately unable to connect to the outside world.

[...]


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/