Botnet ‘ZeuS’ traced to Real Host of Latvia
An association of security investigators stated during August 1-2, 2009 that when they tried to
trace the ZeuS botnet, a gigantic network that its owners used for Internet fraud, they found
that it was linked to an organization in Latvia called Real Host, which used hired servers.
The investigators also found that the organization carried out a variety of other online crime
activities and that the computing authority in Latvia was investigating the company.
However, the experts stated that it was not known how much of the ZeuS botnet was under
the control of Real Host, and that it was generally very hard to pinpoint the centre of such a
massive botnet.
Meanwhile, researchers including Jart Armin and Andrew Martin said that Real Host had hired
numerous IP addresses from an ISP called Junik in Riga, and that it went online through a Swedish
connectivity service named Telia.
The researchers further found an extraordinary variety of other malicious operations
carried out at Real Host, comparable with those of the recently shuttered Atrivo and
McColo, the U.S. service providers that also specialized in supporting criminal clienteles.
The experts said that, unfortunately, the huge size of the ZeuS botnet made it hard to find
its real centre.
Besides, Real Host had mentioned an address in Kazakhstan to the domain name registration company
Directi. Telia together with Latvia's computing authority were scrutinizing Real Host, the
In the meantime, security specialists state that ZeuS also has connections with Rock Phish, an
Internet crime gang that is under the control of Russian perpetrators and is responsible for 50% of
the global online phishing attacks that stole sensitive personal information.
Aside from this, according to Damballa, a security company, ZeuS has seized 3.6 million computers in
the USA, more than any other botnet.
Moreover, cyber-criminals have recently been using the ZeuS Bot program to install the virus on
computers of unwitting users.
Additionally, in another instance of a ZeuS attack, University of Alabama at Birmingham's security
experts revealed during the last week of July 2009 that phony online postcards targeted inboxes globally
with web links pointing to ZeuS.
» SPAMfighter News - 21-08-2009