A network frequently used for malware delivery was shut down last night, probably against the will of its operators.
Troyak.org, a Kazakhstani "Internet service provider" well known for serving Zeus botnets and other malware delivery methods, went dark overnight, resulting in the shutdown of as many as 25 percent of the world's Zeus botnets, according to researchers at Cisco's ScanSafe and RSA's FraudAction security research units.
The two groups of researchers did not definitively agree on the cause of the outage, but they agreed one likely source is backbone network service providers, possibly working with law enforcement agencies, which might have taken the action to cut service off from botnets and malware distributors.
Less than 24 hours after the outage, many components of the ISP began to operate again. But malware delivery has temporarily dropped off significantly across the Web, and it's likely the Troyak network is at least crippled, the researchers say.
"There are those who say that a takedown like this doesn't do much good because the network can get back into service fairly quickly, but I disagree," says Mary Landesman, head security researcher at ScanSafe. "A shutdown hits criminals where it hurts the most -- in the wallet. Rising costs will become a deterrent to some of this activity."
According to Sean Brady, product manager for the Identity Protection & Verification Group at RSA, Troyak is an upstream provider for several smaller malware-bearing "ISPs."

