Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zeus Botnet Down But Not Out

Posted by timothy on from the like-the-energizer-bunny-in-more-ways-than-one dept.

harryjohnston writes "The Register points out that the takedown of a significant number of Zeus command-and-control servers, which we discussed earlier, was a short-lived victory, as about one-third of the affected servers were back on the net in less than 48 hours." Adds itwbennet: "Just hours after network connectivity to Troyak was severed the ISP peered with a new upstream Internet service provider named Ya. The next step will be to 'de-peer' Troyak from its new service provider, either an ISP named Nassist or its upstream provider, Hurricane Electric, said a researcher familiar with the matter. 'We have taken some of their territory, they are trying to out flank us,' the researcher said via IM. 'We are going to win this one — we have 'em boxed in.'"

9 of 67 comments (clear)

  1. Well I'm sold. by Anonymous Coward · · Score: 5, Funny

    How much are they charging per month for use of a command-and-control server? Can I host my e-commerce site on Zeus?

    Do you have to share the command and control server with other users? Or do they have a "private command server" option?

    (On a side note- will twittering help my business?)

    1. Re:Well I'm sold. by ae1294 · · Score: 5, Interesting

      Can I host my e-commerce site on Zeus?

      I'm not sure if this is funny or dreadfully insightful... Most data centers can't keep it up for a single year but then you have schmucks who keep these bot-nets up seemingly forever.

      Are we looking at the future of serious web-hosting?

    2. Re:Well I'm sold. by timmarhy · · Score: 5, Interesting

      it's almost like you've come up with a method of distributing data amongest "peers", so when one peer goes offline others continue to send data giving you redundancy. i think we should call it b2b - bot 2 bot.

      --
      If you mod me down, I will become more powerful than you can imagine....
    3. Re:Well I'm sold. by symbolset · · Score: 4, Interesting

      It's called "bulletproof hosting". You pay in E-gold. Preferably from an account with a fake name.

      But yes, they can keep your site up even against determined government-based opposition. They have private command server and random host virtual desktops. You can buy botnets by the host or rent them by the hosthour. DOS hosts are ready for your competitor throttling needs, and bulk discounts scale appropriately. Please be advised that certain challenging chores like DDoS of national infrastructure servers require open finance accounts and sufficient credit must be made available before the attack starts.

      Almost without exception, the hosts themselves run Windows.

      --
      Help stamp out iliturcy.
  2. Re:Here's how to defeat Zeus... by Cryacin · · Score: 5, Funny

    Aparently if your father had encased something else in rubber, we wouldn't have to listen to your drivel...

    --
    Science advances one funeral at a time- Max Planck
  3. Rule #2 by Anonymous Coward · · Score: 4, Funny

    Double Tap

  4. Re:Redundancy by symbolset · · Score: 5, Insightful

    This is actually informative. Botnets are the very model of enterprise redundant high-availability. The technology is remarkable in its resilience. You could wipe out Europe and Asia with dual asteroids, and the thing would keep going.

    If you want to keep your enterprise up no matter what happens then you need to be prepared for a headshot. They are, and it's not enough to bring them down. How prepared are you?

    --
    Help stamp out iliturcy.
  5. Re:Botnets by SolidAltar · · Score: 5, Informative

    MalwareBytes is shockingly good at malware removal. Theres almost nothing else like it.
    Also, dump Symantec and McAfee crapware for Microsoft Security Essentials or something like NOD32.

    Symantec and McAfee no longer keep up with viruses. Every day I'm doing janitor on systems with Symantec Endpoint. I transfer the viruses from the infected machines to my own to submit them to Microsoft...but then Security Essentials picks them up. Symantec has no clue.

  6. Re:Botnets by Anonymous Coward · · Score: 4, Interesting

    Nothing special to it. It's just like a standard virus infection. Take the Blaster worm, for example. You can normally just look at router lights and see if someone's infected (well, unless there's a person constantly streaming music.) The point is that these zombies are up all day getting and receiving data, like a webhost. The data is either addresses to be newly infected, or new command data containing the payloads with the actual spam to be sent out.

    If you turn off all the P2P apps, let the PC boot up to a desktop and the network light for that PC immediately goes non-stop for more than 15 minutes, you're infected. No buts.