Internet service providers linked to the notorious Zeus botnet have been
taken down, knocking out a third of the command-and-control servers that run the
network of hacked machines.
Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus
command-and-control servers. Zeus Tracker, a Web site that tracks the botnet,
noticed the steep drop in servers on Wednesday morning.
The Troyak network was itself an upstream provider to six networks, known to
host a large number of cybercrime servers, including Web sites used in drive-by
attacks and phishing sites, according to Kevin Stevens, a researcher with
SecureWorks. "There’s lots of Zeus and Fragus exploit kit [sites]," he said.
Whoever was behind the takedown "just decided to knock out a large area of
cybercrime, and this was probably one of the easiest ways to do it."