back to article Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world's most nefarious cyber operations. The massive drop is the result of actions taken by two Eastern European network providers. On Tuesday, they pulled the …

COMMENTS

This topic is closed for new posts.
  1. Disco-Legend-Zeke
    Grenade

    At The Risk Of...

    ...being repetitious. The white hats should use captured C&C domains to issue "Sleep" commands to bots.

    To avoid discomfort, properly lubricate all objects prior to spammer insertion.

    1. GloomyTrousers
      Pint

      Discomfort

      "...properly lubricate all objects prior to spammer insertion."

      A suitable lubricant can be obtained by mixing superglue, broken glass and rusty nails. Apply liberally to object before using on spammer.

  2. BristolBachelor Gold badge
    WTF?

    Sledge hammer, meet nut

    "That's a pretty interesting development and I think a very positive on..." Landesman told The Register.

    WTF?? Positive? Will you still think it's positive when you loose YOUR internet connection because one of the other 10000 customers of your ISP did something someone doesn't like?

    I'm all for cutting off the connections of those running C&C channels. I'd even cut off those with zombie machines (when I was with Demon internet, they would cut you off your mail connection for running open mail relays). But cutting off an entire ISP because some of it's customers are bad ones and giving two fingers to all their other customers is a bit too much.

    1. Anonymous Coward
      Anonymous Coward

      Missed the point?

      The objective is not just to take bad guys off line, but to make the ISPs actually start taking this seriously and take action themselves. At which point it will be more targeted.

      [need an arrow missing the target icon, perhaps]

    2. A Known Coward
      FAIL

      Nut? More like a mountain.

      No, sorry, but I disagree. The problem of spamming and botnets has been out of control for a while now, the time for diplomacy has passed. The ISP(s) in question ignored requests to keep their house in order, they have failed to do anything about it. In some cases these small ISPs are even run by crooks for crooks.

      If a nightclub has a reputation for fights, drugs and generally causing a problem for local residences then their liquor license is pulled and the place is closed down. No-one finds that to be unreasonable, so why is this any different?

      They should have been doing this years ago, before spam, phishing and DDOS attacks became a fact of life on the internet.

    3. Rob Dobs

      due dilligence

      I would assume, unless told otherwise that the Upstream provider would have attempted to do this at some point. If you are unwilling to respond as an operator to issues of abuse, you should expect to loose your operator rights. This goes for almost any network, or any kind, even social networks. If lots of your friends are crooks, and keep causing trouble, people will not want to be around you.

      I understand your point, lets not punish the innocent. Legitimate customers should find a more reputable ISP, one not at risk of this kind of supportive behavior that gets them axed.

  3. jake Silver badge

    Eh?

    "One quarter of C&C channels vanish"

    Coffee & Cats aren't going to go away anytime soon, at least not here at chez jake ...

  4. Wize
    Thumb Up

    Many ISPs dont care

    They get their money and ignore all complaints from outside. This will get some ears open.

  5. Owen Carter
    Boffin

    @Lonelyguyinbristol.

    > WTF?? Positive? Will you still think it's positive when you loose YOUR internet connection because one of the other 10000 customers of your ISP did something someone doesn't like?

    I think you'll find these 'ISPs' customers were almost exclusively criminals, plus a bunch of spinternet houses and other undesirables who could not get hosted elsewhere. This was their whole raison d'être, and I'm sure they charged handsomely for it too..

    Dont worry, BT broadband are not going to be cut off in the same way even if a few idjeeots and crims pop up there occasionally too.

  6. copsewood
    Boffin

    reputation and externalities

    In the financial world reputation (i.e. the ability to provide a credit contol reference) is in the hands of a few specialist companies. In the bricks and mortar world if you live or landlord in an area with many crooked neighbours you either bear a share of the costs of the bad neighborhood or you move somewhere else. We're likely to see similar economic and social pressures in the Internet world. Reputation providers such as Spamhaus or the Denyhosts data sharing server blacklist addresses responsible for bad traffic and those running SMTP or SSH servers which don't use these blacklists or are subject to higher volume attacks than those which do. Eventually if too high a proportion of an ISPs addresses emit bad traffic then other ISPs won't peer, because for them the costs of keeping a peg on their noses can become greater than the benefits of the traffic sharing peering arrangement.

    This isn't an issue of fair or not fair, it's to do with economic and social realities which occur in other contexts catching up with the Internet world.

  7. Ginolard

    I don't think Westwood Studios will care

    "One quarter of C&C channels vanish"

    They'll just release another re-hashed version of the same tired, formulaic crap they've been living off for the past decade and the fanbois will create more channels.

    Wait. We are talking about the same thing here right?

  8. Steve B
    Thumb Up

    I'm all for it.

    When I had responsibility for my corporate network, I used to report all attacks to the ISPs and if, after persistent attacks and reports they took no action, I would send them an email stating that I was holding the ISP commercially responsible for any damage and all cleaning up costs relating to attacks from their networks. That used to kick some into life.

    Many used to resolve the problem on their own, but I used to laugh when I got responses from Russia. "You will have no more problems, we have terminated the user." used to conjure up interesting speculation.

This topic is closed for new posts.