Ineffective Takedown Attempt by Microsoft
Although Microsoft took control of most of the command and control (C&C) servers associated with the Zeus botnet, some of the domains escaped the seizure and thus remain active, as reported by FireEye.
According to security researchers at FireEye, this surviving part of the botnet is run by a Zeus variant known for rapidly changing its C&C infrastructure.
Of the 156 different C&C domains employed by the botnet, Microsoft took over only 147 in Operation B-71.
The remaining 9 C&C domains were left out of the operation as dead, since they did not resolve to any IP address; of these, 4 had been abandoned by the criminals, while 3 were detected to be still active.
However, according to FireEye, these leftover parts of the botnet stay alive by concealing themselves behind fast-flux, that is, by constantly rotating the addresses behind their domains. How these botnets remain resilient while the domains are claimed to be completely destroyed is still unexplained, so the claim that the takedown attempt succeeded remains unjustified.
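Fast-flux leaves a measurable footprint in DNS: one domain answering with many different addresses spread across unrelated networks, each advertised with a short TTL. The following Python script is an added example (not code from the article, FireEye or Microsoft) that computes those indicators over constructed DNS answer records and flags the domains that look like fast-flux; the domain names, addresses and thresholds are all invented for illustration. It also shows the caveat a defender needs: a CDN host with a short TTL and several addresses inside one network block is not flagged, because prefix diversity is required as well.

```python
"""Fast-flux indicator check over DNS answer records (added example)."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample DNS answers: (seconds since start, domain, answer IP, TTL).
# Domains and addresses are invented for this example (RFC 5737 ranges),
# not values from the article.
SAMPLE_RECORDS = [
    (0,    "flux-example.test", "198.51.100.10",  120),
    (300,  "flux-example.test", "203.0.113.7",     60),
    (600,  "flux-example.test", "192.0.2.44",      90),
    (900,  "flux-example.test", "198.51.100.10",  120),
    (1200, "flux-example.test", "203.0.113.200",   60),
    (1500, "flux-example.test", "192.0.2.99",     120),
    # A normal host: one stable address, long TTL.
    (0,    "static-example.test", "192.0.2.1", 3600),
    (900,  "static-example.test", "192.0.2.1", 3600),
    (1800, "static-example.test", "192.0.2.1", 3600),
    (2700, "static-example.test", "192.0.2.1", 3600),
    # A CDN-like host: short TTL and several addresses, but all in one /24.
    (0,    "cdn-example.test", "198.51.100.20", 60),
    (60,   "cdn-example.test", "198.51.100.21", 60),
    (120,  "cdn-example.test", "198.51.100.22", 60),
    (180,  "cdn-example.test", "198.51.100.23", 60),
    (240,  "cdn-example.test", "198.51.100.20", 60),
    (300,  "cdn-example.test", "198.51.100.21", 60),
]


@dataclass(frozen=True)
class FluxStats:
    lookups: int            # answers observed for the domain
    distinct_ips: int       # unique answer addresses
    distinct_prefixes: int  # unique /24 networks those addresses fall in
    avg_ttl: float          # mean advertised TTL in seconds


def summarize(records):
    """Aggregate per-domain statistics used as fast-flux indicators."""
    ips = defaultdict(set)
    prefixes = defaultdict(set)
    ttls = defaultdict(list)
    for _ts, domain, ip, ttl in records:
        ips[domain].add(ip)
        # Collapse each answer to its /24 so hosts spread across many
        # unrelated networks (typical of compromised flux agents) stand out
        # from a single provider rotating addresses inside one block.
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        prefixes[domain].add(net)
        ttls[domain].append(ttl)
    return {
        d: FluxStats(len(ttls[d]), len(ips[d]), len(prefixes[d]),
                     sum(ttls[d]) / len(ttls[d]))
        for d in ttls
    }


def is_fast_flux(stats, min_ips=5, min_prefixes=3, max_avg_ttl=300):
    """Heuristic: many addresses, across many networks, with short TTLs.
    Thresholds are illustrative; tune them against known-good traffic."""
    return (stats.distinct_ips >= min_ips
            and stats.distinct_prefixes >= min_prefixes
            and stats.avg_ttl <= max_avg_ttl)


def flag_fast_flux(records, **thresholds):
    """Return the sorted list of domains that meet the fast-flux heuristic."""
    return sorted(d for d, s in summarize(records).items()
                  if is_fast_flux(s, **thresholds))


if __name__ == "__main__":
    for domain, s in summarize(SAMPLE_RECORDS).items():
        print(f"{domain:22} ips={s.distinct_ips} /24s={s.distinct_prefixes} "
              f"avg_ttl={s.avg_ttl:.0f}s flagged={is_fast_flux(s)}")
```

Run against the constructed records, only `flux-example.test` is flagged: five distinct addresses in three different /24s with an average TTL of 95 seconds. The same records fed from a passive-DNS or resolver log would let a defender spot which of a botnet's surviving domains are being kept alive this way, which is exactly the question the takedown assessment above leaves open.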
According to Atif Mushtaq, a Senior Staff Scientist at FireEye, it is still not clear why the Microsoft Digital Crimes Unit has stayed silent about the three active domains, which should in fact be its main concern. The continued existence of these domains still poses a danger and contradicts the claim that the domains were completely destroyed, reports Softpedia on April 4, 2012.
This is the second takedown attempt to be called into question within the last week: the Kelihos botnet was likewise reported to be active again after a similar takedown by Kaspersky Lab. According to Kaspersky, Kelihos, also known as Hlux, was an altogether new botnet, though its emergence had been widely anticipated.
SPAMfighter News - 13-04-2012