One-third of orphaned Zeus botnets find way home

The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about a third of the orphaned channels were able to regain connectivity in less than 48 hours. The resurrection of at least 30 command and control channels came after their internet …

This topic is closed for new posts.

Posted Thursday 11th March 2010 22:48 GMT

Anonymous Coward

De-Peering Russia and Ukraine ?

Why don't we just "de-peer" Russia and Ukraine as a Whole ? Apparently the botnet criminals have free reign in these countries.

That kind of pressure might compel the authorities to lock up their international computer criminals. And we don't need Russian or Ukrainian web sites anyway.

Posted Friday 12th March 2010 01:44 GMT

ElReg!comments!Pierre

You know that the US are number one, right?

Apparently the US are the number one origin of computers attacks through the internet... and we don't need american websites anyway: all the good pr0n is hosted in Russia and Ukraine.

Posted Friday 12th March 2010 10:05 GMT

Anonymous Coward

And along with former Eastern Bloc nations generally...

...most of the worthwhile antivirus vendors too!

Posted Friday 12th March 2010 11:13 GMT

Rob

But we do want...

... their Gas so lets not cheese them off to much eh?

Posted Friday 12th March 2010 13:57 GMT

Anonymous Coward

You should probably start with China and Turkey then

The subject of limiting by geography is actually fairly old and well discussed. There are a couple of bugtraq threads on the subject. On the balance of things however Russia and ex-CIS is probably not the worst offender.

If you want to depeer by country you should probably start with Turkey (email spam), China (relentless brute-force cracking of ssh, pop, imap and other password based services), etc. The sole reason C&Cs are not in China for example is the great firewall of China. With the chinese attitude to security and AUPs (and law and order in general) we are lucky that incoming connections into China are subject to "government inspection". If they were not...

Posted Friday 12th March 2010 13:46 GMT

Mike Cardwell

Point?

When I first read about this my immediate thought was, what is the point? You either block access to *all* of the C&C machines, or you may as well not bother. Botnets are *designed* so that they can cope with C&C machines going offline. It's *expected* that they will.

Posted Friday 12th March 2010 15:26 GMT

Anonymous Coward

Kick those providers to the curb

Why is there not an international mandate to excommunicate computers and networks involved with cybercrime? How do legitimate providers get away with habouring malware control servers? It seems pretty crazy when goverments go on big spiels about stamping out spam when their command and control servers go untouched.

Posted Friday 12th March 2010 15:58 GMT

Eddie Johnson

@AC

You are just now noticing that governments tend to be bigger on rhetoric than action? Talk is a lot cheaper and easier than action and it's not just limited to internet security.

Posted Friday 12th March 2010 20:10 GMT

Brian Miller

De-peer both US and Russia

Since Russia controls the US botnets, de-peer both of them and everybody wins. Right?

A while back I ran a honeypot on my Verizon connection. I found between 500 to over 1200 attacks per day, with most of the attacks originating from other Verizon IP addresses. Every country with a network connection tried to connect to my IP. Since the majority of attacks came from my virtual neighborhood, that means that Verizon and other providers should chopped. No network connection means no botnet, so problem solved.

This topic is closed for new posts.