I always check the ZeuS Tracker statistics to get some information about the trend of active ZeuS Command&Control servers. This morning I was really surprised by what I saw on the ZeuS Tracker statistics page:

As you can see in the chart above, on March 9th 2010 the number of active ZeuS C&C servers dropped from 249 to 181! The first thing I thought was: there has to be some problem with the ZeuS Tracker cron script. I checked the script – everything looked ok. So the massive drop in ZeuS C&C servers is a fact. I noticed that six of the worst ZeuS hosting ISPs had suddenly disappeared from the ZeuS Tracker.

I verified the subnets of the affected ISPs and came to the conclusion that Troyak-as (AS50215), the upstream provider for the six worst ZeuS hosting ISPs, was cut from the internet on 2010-03-09. As a result, the following ISPs lost their internet connectivity, which finally resulted in a massive drop in the number of active ZeuS C&C servers.

In the physical world we're attuned to sense danger. We all can instinctively recognize a bad neighborhood. When we see dilapidated buildings, broken street lights, liquor stores on every block, prostitutes working street corners, and a lack of police presence, we all understand that we are not in a safe neighborhood.

However, we have not yet developed the same sensory perception for our digital lives online. The Internet is made up of a series of neighborhoods known as autonomous systems (AS). Internet Service Providers "rent" space from these autonomous systems and provide hosting services for customers. Some criminal or indifferent hosting providers will work with like-minded autonomous systems to serve criminals and terrorists. These bad service providers foster bad neighborhoods online that allow for a good deal of the malicious activity that we see online today.
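The check described above (mapping the disappeared C&C hosts to their subnets, origin ISPs and shared upstream) can be reproduced offline. The following is an added example, not code from the original post or from ZeuS Tracker; every IP, prefix and ASN in it is constructed except AS50215, which the post names.

```python
# Added example (not from the original post): given two tracker-style
# snapshots of active C&C IPs, attribute the disappeared hosts to their
# origin AS and that AS's upstream, to test the "one upstream was cut"
# explanation. All IPs, prefixes and ASNs except AS50215 are constructed.
import ipaddress
from collections import Counter

# Constructed prefix table: prefix -> origin ASN (stands in for a BGP/whois lookup).
PREFIX_TO_ASN = {
    "198.51.100.0/24": 64501,
    "203.0.113.0/24": 64502,
    "192.0.2.0/25": 64503,
    "192.0.2.128/25": 64504,
}
# Constructed upstream map: origin ASN -> the AS it gets transit from.
# AS50215 (Troyak-as) is the upstream named in the post; the others are made up.
ASN_UPSTREAM = {64501: 50215, 64502: 50215, 64503: 50215, 64504: 64999}

def origin_asn(ip):
    """Longest-prefix match of ip against the prefix table; None if no route."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in PREFIX_TO_ASN.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, asn)
    return best[1] if best else None

def attribute_drop(before, after):
    """Return (disappeared IPs, count per origin ASN, count per upstream ASN)."""
    gone = sorted(set(before) - set(after))
    by_asn = Counter(origin_asn(ip) for ip in gone)
    # elements() repeats each ASN once per dropped host, so upstream counts are per host.
    by_upstream = Counter(ASN_UPSTREAM.get(asn) for asn in by_asn.elements())
    return gone, by_asn, by_upstream

# Constructed snapshots: active C&C IPs the day before and the day of the drop.
BEFORE = ["198.51.100.7", "198.51.100.9", "203.0.113.4", "192.0.2.20", "192.0.2.200"]
AFTER = ["192.0.2.200"]

if __name__ == "__main__":
    gone, by_asn, by_up = attribute_drop(BEFORE, AFTER)
    print(f"{len(BEFORE)} -> {len(AFTER)} active; {len(gone)} disappeared")
    for up, n in by_up.most_common():
        print(f"  AS{up}: {n} of {len(gone)} dropped C&Cs sit behind this upstream")
```

If every dropped host resolves to the same upstream while the survivors do not, the connectivity explanation is consistent with the data; a spread across unrelated upstreams would point back at the tracker itself.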
 
