After takedown, botnet-linked ISP Troyak resurfaces

The Troyak ISP has found a new upstream provider, returning connectivity to Zeus servers

Last week FBI Director Robert Mueller called the fight against hackers "the cyber equivalent of cat-and-mouse." On Wednesday security experts trying to take down the Zeus botnet got a taste of what he meant.

Just hours after Internet service providers severed network connectivity to Troyak, an ISP associated with the Zeus botnet, Troyak regained connectivity by peering with a new upstream Internet service provider.

"Don't worry, it is up and running again," Troyak spokesman Roman Starchenko said in an e-mail to IDG News Service. "We fixed our weakness and now it will become concrete stable."

He blamed the outage on an administrative error.

Security researchers confirmed Wednesday that Troyak was back online, after peering with an Internet service provider named Ya.

That means the 68 Zeus botnet command-and-control servers associated with Troyak can reconnect to hacked systems and issue new instructions. Disputing Starchenko's explanation, security experts say they had stopped that from happening by getting Troyak's upstream providers to stop peering with it, essentially isolating it from the rest of the Internet.

The person or group who knocked Troyak offline has asked to remain anonymous, according to several researchers familiar with the situation.

Zeus is a botnet kit used by a large number of cybercriminals. Researchers have counted 249 Zeus command-and-control servers to date. Another Internet service provider named Group 3 was also knocked offline Wednesday. It has not been reconnected, however.

The next step will be to "de-peer" Troyak from its new service provider, either an ISP named Nassist or its upstream provider, Hurricane Electric, said a researcher familiar with the matter who spoke via instant message on condition of anonymity.

The back and forth is reminiscent of the November 2008 takedown of San Jose, California, ISP McColo. When McColo went offline, a large percentage of the world's spam disappeared with it, but criminals were able to slowly regain control of their botnet networks, and spam levels returned.

That may well be what happens with Troyak, although some hope that won't be the case.

"We have taken some of their territory, they are trying to outflank us," the researcher said via IM. "We are going to win this one -- we have 'em boxed in."


Robert McMillan

IDG News Service
