
Zeus Botnet Dealt a Blow As ISPs Troyak, Group 3 Knocked Out

Posted by timothy
from the brief-respite-while-sauron-regroups dept.
itwbennett writes "Ninety of the 249 Zeus command-and-control servers were knocked offline overnight when two ISPs, named Troyak and Group 3, were taken offline. Whoever was behind the takedown 'just decided to knock out a large area of cyber-crime, and this was probably one of the easiest ways to do it,' said Kevin Stevens, a researcher with SecureWorks. As with the McColo takedown of just over a year ago, Troyak's upstream providers seem to have knocked it off the Internet, Cisco said in a statement. 'The ISP was "De-peered,"' Cisco said. 'Troyak's upstream network providers effectively pulled the plug on Troyak's router, refusing to transmit its traffic.'"
  • Niney (Score:3, Informative)

    by Evelas (1531407) on Wednesday March 10 2010, @08:01PM (#31432830)
    Read that, figured it was Nine, read the article, 90 of 249
  • by Anonymous Coward on Wednesday March 10 2010, @08:11PM (#31432906)

    Might as well call it by its name: Internet Death Penalty [catb.org]

  • Re:Words (Score:5, Informative)

    by chadenright (1344231) <chadenright@@@hotmail...com> on Wednesday March 10 2010, @08:14PM (#31432926) Journal
    The Internet Service Providers providing internet service to the 90 Zeus command nodes suddenly (and involuntarily) stopped providing internet service. TFA attributes this to "anonymous community action". Basically, someone got irritated at the botnet and blacked out a fair chunk of Kazakhstan in order to damage it.
  • by angry tapir (1463043) on Wednesday March 10 2010, @08:37PM (#31433104) Homepage
    According to this article [goodgearguide.com.au]: "Just hours after Internet service providers severed network connectivity to Troyak, an ISP associated with the Zeus botnet, the ISP has regained connectivity after peering with a new upstream Internet service provider."
  • Re:Words (Score:3, Informative)

    by Nefarious Wheel (628136) on Wednesday March 10 2010, @08:59PM (#31433294) Journal

    I'm sorry, you're going to have to repeat that; what happened? Were they somehow removed from the internet?

    They were the recipients of a staged compaction of fissile material achieving critical mass and subsequent chain reaction within a projectile arriving from an exospheric source.

  • Re:Good (Score:5, Informative)

    by shentino (1139071) on Wednesday March 10 2010, @09:02PM (#31433318)

    And for once it WOULD be a good idea.

    Just look at what happened to Blue Security. They put spam down so well that a pissed off spammer lobbed an electronic nuke at them.

    The guys that took out Blue were able to do so because they had a freaking ARMY of computers. An army, by the way, that they built up through illegal means. Now, accumulating firepower through theft, that does sound like a form of terrorism to me.

  • by Anonymous Coward on Wednesday March 10 2010, @09:05PM (#31433338)

    This is called a pink contract.

    http://catb.org/jargon/html/P/pink-contract.html [catb.org]

  • by Anonymous Coward on Wednesday March 10 2010, @10:12PM (#31433748)

    The Internet Death Penalty is older than Slashdot and even older than some Slashdot users. The internet is based on a huge number of peering agreements, agreements which can be made, changed and terminated. The structure of the internet changes all the time. Take a look at the BGP updates if this interests you. One of the reasons for depeering is "you're causing us too much trouble, so we don't want your business anymore." Then the shunned ISP has to find another uplink. Sometimes no other ISP wants to act as uplink for an ISP with a bad reputation and the bad ISP can't get back online. That's the IDP. There's nothing lawless or vigilante about it.
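The de-peering mechanism described in the comment above, as an added example that is not part of the original thread: replaying constructed BGP announcements and withdrawals (private-use AS numbers, documentation prefixes, all made up here) to flag the moment a prefix loses its last path and the moment it comes back through a different upstream, which is what a monitoring team watching route collectors would see when an ISP is cut off and later finds a new uplink.

```python
from collections import defaultdict

# Constructed BGP update records (not real data): (type, prefix, peer, AS path).
# "A" announces a path learned from that collector peer, "W" withdraws it.
# AS 65000 plays the de-peered ISP, 64501 its original upstream; the others
# are transit networks. All numbers are private-use and purely illustrative.
SAMPLE_UPDATES = [
    ("A", "192.0.2.0/24",    "peer1", [64500, 64501, 65000]),
    ("A", "192.0.2.0/24",    "peer2", [64502, 64501, 65000]),
    ("A", "198.51.100.0/24", "peer1", [64500, 64503]),
    ("W", "192.0.2.0/24",    "peer1", None),
    ("W", "192.0.2.0/24",    "peer2", None),   # last path gone: prefix dark
    ("W", "198.51.100.0/24", "peer1", None),
    ("A", "192.0.2.0/24",    "peer3", [64504, 64505, 65000]),  # new uplink
]

def replay(updates):
    """Replay updates against a per-prefix table of known paths and return
    (prefix, event, detail) tuples for outages and restorations."""
    rib = defaultdict(dict)   # prefix -> {peer: as_path}
    last_upstream = {}        # prefix -> upstream AS seen before it went dark
    events = []
    for kind, prefix, peer, path in updates:
        paths = rib[prefix]
        if kind == "W":
            gone = paths.pop(peer, None)
            if gone is not None and not paths:
                # The AS just before the origin is the origin's upstream.
                last_upstream[prefix] = gone[-2] if len(gone) > 1 else None
                events.append((prefix, "unreachable", gone[-1]))
        else:
            was_dark = not paths
            paths[peer] = path
            if was_dark and prefix in last_upstream:
                upstream = path[-2] if len(path) > 1 else None
                events.append((prefix, "restored", {
                    "old_upstream": last_upstream.pop(prefix),
                    "new_upstream": upstream}))
    return events

def outages_by_origin(events):
    """Group unreachable prefixes by origin AS: many prefixes of one origin
    dropping together looks like a de-peering, not a single-prefix flap."""
    out = defaultdict(list)
    for prefix, ev, detail in events:
        if ev == "unreachable":
            out[detail].append(prefix)
    return dict(out)

if __name__ == "__main__":
    for e in replay(SAMPLE_UPDATES):
        print(e)
```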

  • Re:Windows again (Score:4, Informative)

    by cortesoft (1150075) on Thursday March 11 2010, @01:36AM (#31434788)

    Now, if you have a computer that it is impossible for the user to install stuff on, well then you have a much more secure platform.

    What you have is a damn iPad

  • by wamatt (782485) * on Thursday March 11 2010, @03:11AM (#31435164) Homepage
    I find it very hard to believe the ISP was not aware. Depeering is a last resort when all other options have failed and the ISP has failed to respond or is unwilling to address the problem client.
  • Re:Good (Score:5, Informative)

    by hairyfeet (841228) <[bassbeast1968] [at] [gmail.com]> on Thursday March 11 2010, @03:24AM (#31435216) Journal

    As a PC repairman allow me to explain why Zeus is still around, it is because the OEMs suck ass, that's why. You see ever since XP SP2 (and some even earlier) the OEMs have been loading PCs with images that have the absolute worst default security policies you can possibly imagine, hell a junior HS student could do better. They set up an obvious username with no password, like "HP_User" and then go and turn autoupdates to OFF. In fact in 6 years I don't think I've seen an OEM PC with autoupdates activated. Just yesterday I had one cross my desk that the patches only went to SP2, that was...what 7 years ago? Hell no wonder there are so many botnets, the OEMs make it so any script kiddie can own millions of PCs!

    As for TFA, my guess is that many of the C&C servers are hosted in some idoncareistan, where a nice fat bribe will make all those problems go bye bye. Just look at Nigeria, where scamming is practically a noble profession. And it isn't like they can't find plenty of sleazeballs here in the USA that will be happy to do business with them as long as the money is green.

    Ultimately if we are gonna turn the tide I think it has to start with the OEMs before the customer ever picks up the PC. We need to demand some basic common sense, like having the user pick a password on first launch, having automatic updates set to on as default, and having some rules with regards to the crapware AVs they install, such as having it refuse to start if it is no longer good, so the user won't have a false sense of security. If I had my way it would give the user a list of AVs on first run, including free ones, like Windows 7 did on first start, but since I haven't had any OEM Windows 7 machines cross my desk yet I'm sure the OEMs disabled that as well. But expecting the customer to know their machine is crippled from the factory, as well as the steps to fix it, is just insane when so much can be done at the factory to negate this problem IMHO.

  • Re:Good (Score:3, Informative)

    by Anonymous Coward on Thursday March 11 2010, @08:26AM (#31436386)

    Now, accumulating firepower through theft, that does sound like a form of terrorism to me.

    Despite what the talking heads on TV or the politicians have told you to think, terrorism does not mean "anything illegal" or "anything against the interests of the country". Terrorism is an activity that is designed to accomplish its goals through the use of fear and paranoia against the general population.
    Stockpiling a supply of bombs does not make you a terrorist, using or threatening to use them against a target such as a school does.
