The victory over dozens of Zeus botnets that was declared over the past couple of days may have been premature, as the Troyak-AS upstream provider that was de-peered from its upstream providers was busy finding new peers to the internet. Yet another check shows that the provider succeeded in regaining connectivity, and only two of the ISP’s that are home to handfuls of Zeus C&C’s are withdrawn (as of 11:30 a.m. Mountain Time 3/11/2010):

50215 TROYAK-AS Starchenko Roman Fedorovich

  Adjacency:     5  Upstream:     1  Downstream:     4
  Upstream Adjacent AS list
    AS8342          RTCOMM-AS RTComm.RU Autonomous System

With the original de-peering, it was thought that 68 monitored Zeus C&C’s were disconnected from the net. But, of the six ISP’s hosting almost five dozen Zeus C&C’s, only two remain de-peered, leaving 43 monitored Zeus C&C up and running. We hope to see these come down soon. In the meantime, ensure that a protective layer like ThreatFire is installed on your system, effective against Zbot attacks. And cheers to the awesome zeustracker site.

This entry was posted on Thursday, March 11th, 2010 at 11:37 am and is filed under Crimeware, ZBot. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.