Zeus-Hosting Russian ISP Taken Offline
PROXIEZ-NET, an Internet Service Provider based in Russia that cyber-thieves popularly used for stealing online banking logins, is said to have been cut off from the Internet on May 14, 2010, after DIGERNET, the ISP's upstream provider, severed its services. PROXIEZ-NET harbored around 13 command-and-control servers of the notorious Zeus Trojan prior to being cut off from DIGERNET.
According to reports, PROXIEZ served as the Internet host for hackers' keylogging software as well as for gathering and maintaining stolen data.
Describing the application of keylogging software, the security researchers said that thieves frequently use it for grabbing users' login information for Internet banking. The process involves loading a short piece of code onto a PC that tracks every keystroke, after which it transmits the captured data to the remote attacker's system.
F-Secure's Chief Research Officer, Mikko Hypponen, said that the latest development was extremely good news. Criminals who were utilizing the ISP to carry out malicious activities were nearly sure to have moved on to another service, he noted. The BBC published this on May 17, 2010.
In addition, Rupert Goodwins, Editor of ZDNet UK, stated that the shutdown of PROXIEZ-NET represented one more tussle in the battle to dismember malicious botnets. According to him, in the case of Zeus, the shutdown helped to disassociate the C&C servers, which coordinated rootkits and Trojans, as per the news published by the BBC on May 17, 2010.
Patrick Fitzgerald, a security response manager at security firm Symantec, stated that the shutdown represents a favorable effort in the battle against malware networks like Zeus.
However, according to him, the advantages might not last long, as data thieves move on to more supportive ISPs to operate their C&C servers.
The security researchers claimed that several users of PROXIEZ-NET had been running genuine services; consequently, they are now caught up in this fight against malware.
Finally, the latest shutdown brings to mind the 2008 shutdown of McColo, the infamous spam host. At that time, its 2 key ISPs disconnected it after Security Fix, under the lead of Washington Post reporter Brian Krebs, gave clues that the McColo-supported network harbored huge volumes of spam along with other illegal online activities.
» SPAMfighter News - 27-05-2010