2010
03.12

Security experts are tracking a massive drop in the global number of control servers for various ZeuS botnets that are online, suggesting that a coordinated takedown effort may have been executed by law enforcement and/or volunteers from the security research community acting in tandem.

[….]

Update, 4:36 p.m. ET: Sadly, it appears that Troyak — the Internet provider that played host to all these ZeuS-infested networks that got knocked offline yesterday — has since found another upstream provider to once again connect it to the rest of the Internet.

Update, Mar. 11, 5:48 p.m. ET: Zeustracker recently posted this update to its site: Bad news: Since Troyak started their peering with RTCOM-AS, the number of active ZeuS C&C servers has increasted from 149 up to 191. For now, more than 40 ZeuS C&C servers are back online! This means that the cybercriminals are now able to move the stolen data to a safe place or a backup server. Additionally, the cybercriminals are able to update their config files served to the infected clients to set up a fallback server (if Troyak will disappear from the internet again).

via Dozens of ZeuS Botnets Knocked Offline — Krebs on Security.

An updated graph from zeustracker :

The graph shows a sharp recover of   the Zeus activity during the last day. Online Zeus Configs had increased steeply for 149 to 223.

This information tell us  that the criminals are reacting to the Troyak-as take-off by updating their zombies to contact a new C&C. Therefore, the Zeus activity will probably rally again in the next day.

In addition, Koobface worm doubles C&C servers in 48 hours

No Comment.

Add Your Comment

*