
Zeus Botnet Down But Not Out

timothy posted more than 4 years ago | from the like-the-energizer-bunny-in-more-ways-than-one dept.


harryjohnston writes "The Register points out that the takedown of a significant number of Zeus command-and-control servers, which we discussed earlier, was a short-lived victory, as about one-third of the affected servers were back on the net in less than 48 hours." Adds itwbennet: "Just hours after network connectivity to Troyak was severed the ISP peered with a new upstream Internet service provider named Ya. The next step will be to 'de-peer' Troyak from its new service provider, either an ISP named Nassist or its upstream provider, Hurricane Electric, said a researcher familiar with the matter. 'We have taken some of their territory, they are trying to out flank us,' the researcher said via IM. 'We are going to win this one — we have 'em boxed in.'"


67 comments


Sometimes headshots aren't enough (2, Funny)

Anonymous Coward | more than 4 years ago | (#31448820)

n/t

Rule #2 (4, Funny)

Anonymous Coward | more than 4 years ago | (#31449098)

Double Tap

Re:Redundancy (5, Insightful)

symbolset (646467) | more than 4 years ago | (#31449100)

This is actually informative. Botnets are the very model of enterprise redundant high-availability. The technology is remarkable in its resilience. You could wipe out Europe and Asia with dual asteroids, and the thing would keep going.

If you want to keep your enterprise up no matter what happens then you need to be prepared for a headshot. They are, and it's not enough to bring them down. How prepared are you?

Re:Redundancy (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31449170)

Yo mama is always prepared to give head, nigger.

Re:Redundancy (2, Funny)

Scrab (573004) | more than 4 years ago | (#31449678)

Why do I have the Major General's song in my head now?

"I am the very model of good high availability.
My peers and I retain a certain level of redundancy."

Damnit, I'm meant to be at work, not filking...

Re:Redundancy (1)

jon3k (691256) | more than 4 years ago | (#31452434)

Well if I could steal my service from a few million locations I'd probably have pretty good uptime too. Oh and if the only service I needed to deliver was 1kb/s ascii text control channel, yeah, I think I'd do ok.

Rule #1 (0)

Anonymous Coward | more than 4 years ago | (#31452710)

Cardio

'We have taken some of their territory, they are trying to out flank us,' the researcher said

Good! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31448822)

My Vi4gr4 supply is getting low.

FIRST (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31448824)

FIRST POST YAY

This botnet has but one goal. (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31448832)

KILL. ALL. HUMANS.

Car Analogy (1, Funny)

SolidAltar (1268608) | more than 4 years ago | (#31448838)

So the Zeus is like a Toyota. You get a fix for it but it turns out they'll just keep going anyway.

Re:Car Analogy (1, Funny)

Anonymous Coward | more than 4 years ago | (#31448860)

Just no man, no. Let it go...

Re:Car Analogy (2, Funny)

SolidAltar (1268608) | more than 4 years ago | (#31448884)

Car analogies
I don't know how to quit you.

Re:Car Analogy (0)

Anonymous Coward | more than 4 years ago | (#31449022)

I am so glad I'm not a car analogy right now.

Re:Car Analogy (0)

Anonymous Coward | more than 4 years ago | (#31450320)

Here's a suggestion: pick a new line of jokes.

I know that may sound too easy, so let me explain it like this: you want something new, something different, so you take your car to the dealership and get a truck ... oh, wait ...

Re:Car Analogy (0)

Anonymous Coward | more than 4 years ago | (#31448938)

So....

In Imperial Japan, car stops you.... permanently!

"Ya" right (0)

Anonymous Coward | more than 4 years ago | (#31449090)

/.

Well I'm sold. (5, Funny)

Anonymous Coward | more than 4 years ago | (#31448840)

How much are they charging per month for use of a command-and-control server? Can I host my e-commerce site on Zeus?

Do you have to share the command and control server with other users? Or do they have a "private command server" option?

(On a side note- will twittering help my business?)

Re:Well I'm sold. (1)

nextekcarl (1402899) | more than 4 years ago | (#31448906)

I remember the old days, when businesses just hired twits to run them.

Re:Well I'm sold. (5, Interesting)

ae1294 (1547521) | more than 4 years ago | (#31448922)

Can I host my e-commerce site on Zeus?

I'm not sure if this is funny or dreadfully insightful... Most data centers can't keep it up for a single year but then you have schmucks who keep these bot-nets up seemingly forever.

Are we looking at the future of serious web-hosting?

Re:Well I'm sold. (5, Interesting)

timmarhy (659436) | more than 4 years ago | (#31448932)

It's almost like you've come up with a method of distributing data amongst "peers", so when one peer goes offline others continue to send data, giving you redundancy. I think we should call it b2b - bot 2 bot.

Re:Well I'm sold. (3, Informative)

Cryacin (657549) | more than 4 years ago | (#31448974)

Gah. This is what "Cloud Computing" or as it *used* to be called "Grid Computing" is meant to do. That is, until marketing got into it, and confused the hell out of just everyone.

Re:Well I'm sold. (0)

Anonymous Coward | more than 4 years ago | (#31449346)

Whoosh!

Re:Well I'm sold. (1)

oldhack (1037484) | more than 4 years ago | (#31449104)

So what you are saying is, harness the evil for the good? Embrace and extend, am I getting it right?

Re:Well I'm sold. (3, Interesting)

ae1294 (1547521) | more than 4 years ago | (#31449334)

Embrace and extend, am I getting it right?

Yeah... think of a future EULA where you give a corporation or even some random freeware coder permission to use your computer while it's at idle and in exchange they give you a discount on your next purchase of $50 or more from their eStore or some other such idiocracy...

It sounds horribly doable so why pay to host the cloud when you can force your users to pay you for the privilege to do so?

And how would one police such a thing where everything is encrypted and special commands can be sent to a limited number of clients in very specific locales with no one being able to tell? I can think of some serious evil that could be done where the end user would take the fall for cybercrime because no one at corporation X would ever abuse its users.

Microsoft can't get everyone to pay for Windows? No problem, they release Windows 8 - Free bot-net Edition.. We are almost there now with the whole phone-home-every-day-to-verify-your-copy WGA crap.

New DRM for your Game? Sure overwrite your game's executable every hour or change your encryption keys. Something not right on a hosts computer? Well the EULA clearly states you can nuke their OS. I mean it was on the box remember?

Heck, remember when Netzero was free because of the ad banner? This is far more evil and far more useful. Wanna play the new US Army 3D shooter game? Sure no problem, join the botnet today! It's free and we promise not to use your computer to DDoS Canada because they still don't have good enough copyright laws....

Or

What about a new closed source encrypted bit-torrent protocol where the user agrees to host part of the pirate bay database or track random torrents? You wanna download warez or music kid? Alright, but you gotta join our botnet first. Together we are strong right? I mean you're only 15 kid.... no one will arrest you for hosting kiddy porn or the latest best-of metallica holodisk.. I mean it's your evil parents who pay for the internet anyhow kid so forget-about-it....

Wow... I think I just totally lost what little mind I have left for a moment, sorry... now back to your normal slashdot flamewar already in progress...

Re:Well I'm sold. (1)

phiwum (319633) | more than 4 years ago | (#31452236)

Microsoft can't get everyone to pay for windows? no problem they release Windows 8 - Free bot-net Edition..

Aside from the cost, how would this edition differ from other Windows releases?

Re:Well I'm sold. (1)

ae1294 (1547521) | more than 4 years ago | (#31458832)

Aside from the cost, how would this edition differ from other Windows releases?

4 Registry key values, 1 dll and a special theme... O and it would be the beta test ground for all windows patches. No more patch Tuesday for those running this version...

Re:Well I'm sold. (1)

SharpFang (651121) | more than 4 years ago | (#31449724)

"I am part of that power which eternally wills evil and eternally works good. "

Re:Well I'm sold. (1)

ae1294 (1547521) | more than 4 years ago | (#31449362)

i think we should call it b2b - bot 2 bot.

You joke but I'm already on a conference call with a trademark and patent lawyer! You'll be licking my boot this time next year and thanking me for the honor...

Re:Well I'm sold. (0)

Anonymous Coward | more than 4 years ago | (#31450372)

Sorry to steal your thunder, but bot 2 bot [bot2bot.com] is already a hosting company. They claim "bot2bot uses the most powerful web design tools available on the market today", which they identify as Joomla.

Not to worry, these guys aren't running Zeus.

Re:Well I'm sold. (4, Interesting)

symbolset (646467) | more than 4 years ago | (#31449156)

It's called "bulletproof hosting". You pay in E-gold. Preferably from an account with a fake name.

But yes, they can keep your site up even against determined government-based opposition. They have private command server and random host virtual desktops. You can buy botnets by the host or rent them by the hosthour. DOS hosts are ready for your competitor throttling needs, and bulk discounts scale appropriately. Please be advised that certain challenging chores like DDoS of national infrastructure servers require open finance accounts and sufficient credit must be made available before the attack starts.

Almost without exception, the hosts themselves run Windows.

Re:Well I'm sold. (1)

ae1294 (1547521) | more than 4 years ago | (#31459192)

It's called "bulletproof hosting". You pay in E-gold. Preferably from an account with a fake name.

Hey I got some venture capital over here! We just gotta western union it first but you can help me with that right?

Tom and Jerry (1)

Chewy71 (1418757) | more than 4 years ago | (#31448866)

This cat and mouse game that they are playing here reminds me of another cat and mouse......

Re:Tom and Jerry (1)

actionbastard (1206160) | more than 4 years ago | (#31451008)

Itchy and Scratchy?

Dang. I wish my webhost (0)

Anonymous Coward | more than 4 years ago | (#31448908)

were that reliable...

Here's how to defeat Zeus... (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31448944)

Zeus is the Greek god of the Sky right...and he throws lightning bolts. What can we do about that? Well, we can encase ourselves in rubber. Then his lightning bolts won't be able to hurt us.

Accordingly, I'm now offering you a special on Rubber Suits. Protect yourself from Zeus!

And coming soon, protect your computer from Zeus by encasing it in rubber too.

Re:Here's how to defeat Zeus... (5, Funny)

Cryacin (657549) | more than 4 years ago | (#31448978)

Apparently if your father had encased something else in rubber, we wouldn't have to listen to your drivel...

Re:Here's how to defeat Zeus... (0)

Anonymous Coward | more than 4 years ago | (#31448986)

All they had back then was lambskin.

Re:Here's how to defeat Zeus... (2, Funny)

Anonymous Coward | more than 4 years ago | (#31449782)

All they had back then was lambskin.

So? Banging sheep is a perfectly good method of birth control.

Hah! captcha = untapped

Re:Here's how to defeat Zeus... (0)

Anonymous Coward | more than 4 years ago | (#31449128)

Bazinga!

Gotta kill the very last one (0)

Anonymous Coward | more than 4 years ago | (#31448980)

Ummmm... Isn't it true that if even one C&C is alive you really haven't killed the botnet? The more you kill the more you slow it down but it's still there.

This is so cool (1)

countertrolling (1585477) | more than 4 years ago | (#31449034)

Just like a real war..

"We got Charlie boxed in"

Re:This is so cool (1, Funny)

Anonymous Coward | more than 4 years ago | (#31449228)

Might work if you're fighting Charlie. It don't work if you're fighting Marines.

"All right, they're on our left, they're on our right, they're in front of us, they're behind us...they can't get away this time"
- Lewis B. "Chesty" Puller, USMC

Big Surprise (0)

Anonymous Coward | more than 4 years ago | (#31449042)

Hurricane Electric.. there's the problem. Blocked all email from their scummy network years ago and never looked back.

Botnets (1)

Evelas (1531407) | more than 4 years ago | (#31449064)

There are stories about botnets all the time, but I usually don't see anything about how to remove them. I'm pretty confident in my browsing habits, but the same can't be said for my relatives. What's the easiest way to check a machine for infestation? Do standard virus scanners handle it, or programs like Malwarebytes?

Re:Botnets (5, Informative)

SolidAltar (1268608) | more than 4 years ago | (#31449116)

MalwareBytes is shockingly good at malware removal. There's almost nothing else like it.
Also, dump Symantec and McAfee crapware for Microsoft Security Essentials or something like NOD32.

Symantec and McAfee no longer keep up with viruses. Every day I'm doing janitor on systems with Symantec Endpoint. I transfer the viruses from the infected machines to my own to submit them to Microsoft...but then Security Essentials picks them up. Symantec has no clue.

Re:Botnets (1)

jonwil (467024) | more than 4 years ago | (#31449516)

If Symantec and Norton and McAfee are so pathetic, why does anyone bother with them anymore?

I have both companies (and ALL the products they make) on my personal "list of software I refuse to install on any PC I own" and have been recommending alternatives like AVG to anyone else (especially people whose computer I am re-installing or degunkifying).

Re:Botnets (2, Insightful)

SolidAltar (1268608) | more than 4 years ago | (#31449554)

They are ingrained and famous to PHBs.
Plus, they have lists of impressive features.

They still suck though.

Re:Botnets (0)

Anonymous Coward | more than 4 years ago | (#31449986)

If Symantec and Norton and McAfee are so pathetic, why does anyone bother with them anymore?

For the same reason why Microsoft products are still in use when better alternatives are available.

People hate change.

BTW, give Antivir a try; it is MUCH better than AVG.

Re:Botnets (0)

Anonymous Coward | more than 4 years ago | (#31453420)

Marketing.

Random schlocks have heard of "Norton". They might not have heard of Malwarebytes.

It's all in name recognition, no matter how piss-poor your product is.

Re:Botnets (4, Interesting)

Anonymous Coward | more than 4 years ago | (#31449150)

Nothing special to it. It's just like a standard virus infection. Take the Blaster worm, for example. You can normally just look at router lights and see if someone's infected (well, unless there's a person constantly streaming music.) The point is that these zombies are up all day getting and receiving data, like a webhost. The data is either addresses to be newly infected, or new command data containing the payloads with the actual spam to be sent out.

If you turn off all the P2P apps, let the PC boot up to a desktop and the network light for that PC immediately goes non-stop for more than 15 minutes, you're infected. No buts.
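The heuristic in the comment above (a link light that never goes quiet in the first quarter hour after boot, with P2P off) can be written down as a check over per-minute traffic counts. The block below is an added example, not code from the thread: the flow records, the allowlisted update host and the byte thresholds are constructed assumptions. It also separates an upload-heavy pattern (what a spam-sending zombie produces) from a receive-heavy one, which is what a service pack download looks like.

```python
"""Sustained-traffic heuristic from the comment above, run over constructed per-minute flow
samples. Added example; the flow records, allowlist and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    minute: int       # minutes since the desktop appeared after boot
    dst: str          # destination host or IP (constructed)
    tx_bytes: int     # bytes the PC sent during that minute
    rx_bytes: int     # bytes the PC received during that minute


# Hypothetical allowlist of legitimate bulk destinations (an update mirror), to cover the
# "it could just be a service pack" objection; an assumption, not a real hostname.
BENIGN_DESTINATIONS = {"update.vendor.example"}


def bytes_per_minute(flows, allowlist=BENIGN_DESTINATIONS):
    """Total bytes per minute, ignoring traffic to allowlisted destinations."""
    totals = defaultdict(int)
    for f in flows:
        if f.dst in allowlist:
            continue
        totals[f.minute] += f.tx_bytes + f.rx_bytes
    return dict(totals)


def nonstop_since_boot(flows, window=15, floor_bytes=50_000, allowlist=BENIGN_DESTINATIONS):
    """True when every one of the first `window` minutes carried at least `floor_bytes`
    of non-allowlisted traffic, i.e. the link light never went quiet."""
    totals = bytes_per_minute(flows, allowlist)
    return all(totals.get(m, 0) >= floor_bytes for m in range(window))


def outbound_share(flows, allowlist=BENIGN_DESTINATIONS):
    """Fraction of non-allowlisted bytes that left the PC: a zombie pushing spam is
    upload-heavy, while an update or a music stream is receive-heavy."""
    tx = rx = 0
    for f in flows:
        if f.dst in allowlist:
            continue
        tx += f.tx_bytes
        rx += f.rx_bytes
    return tx / (tx + rx) if tx + rx else 0.0


def classify(flows, allowlist=BENIGN_DESTINATIONS):
    """Combine the two signals into one label."""
    if not nonstop_since_boot(flows, allowlist=allowlist):
        return "quiet"
    return "suspicious-upload" if outbound_share(flows, allowlist) > 0.5 else "bulk-download"


# Constructed samples (not captured traffic).
# 1) Zombie: steady upload to many unrelated hosts from minute 0 onward.
ZOMBIE = [Flow(m, f"203.0.113.{m % 40 + 1}", tx_bytes=70_000, rx_bytes=5_000) for m in range(20)]
# 2) Service pack: steady download from the update mirror only.
UPDATE = [Flow(m, "update.vendor.example", tx_bytes=2_000, rx_bytes=900_000) for m in range(20)]
# 3) Idle desktop: a few small bursts, long quiet stretches.
IDLE = [Flow(m, "198.51.100.9", tx_bytes=3_000, rx_bytes=20_000) for m in (0, 1, 7, 12)]

if __name__ == "__main__":
    for name, sample in (("zombie", ZOMBIE), ("update", UPDATE), ("idle", IDLE)):
        print(name, classify(sample))
```

With the allowlist in place the update download is not even counted; without it (`classify(UPDATE, allowlist=set())`) the same sample still comes out as a bulk download rather than a suspicious upload, which is the distinction the "it could be a service pack" reply is getting at.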

Re:Botnets (1)

SolidAltar (1268608) | more than 4 years ago | (#31449556)

Or your computer could be downloading a new Office or Windows service pack....

Re:Botnets (1, Informative)

Anonymous Coward | more than 4 years ago | (#31450336)

Don't know about you, but I set Automatic Updates to notify only on every computer I own. The hassle of downloading updates manually outweighs the downside of terrible latency.

Re:Botnets (0)

Anonymous Coward | more than 4 years ago | (#31450492)

Or your computer could be downloading a new Office or Windows service pack....

Or trying to play ACII without you.

Re:Botnets (3, Funny)

Fnord666 (889225) | more than 4 years ago | (#31450398)

What's the easiest way to check a machine for infestation?

Reboot the machine. If the startup screen says Windows, just go ahead and assume it's infested.

Hurricane Electric wtf (0)

Anonymous Coward | more than 4 years ago | (#31449178)

okay so HE hosts McColo and is the upstream for this shit and my company gets shit canned from them for what a spamcop complaint? Was it a legit complaint? Yes and I shit canned the customer, but this really pisses me off. They let really bad people run on their network and they shoot the little guy getting abused. I guess if you have enough money it doesn't matter what you do on their network till the feds get involved.

Kinda, yeah (1)

Wee (17189) | more than 4 years ago | (#31449418)

I've had a website hosted on Hurricane Electric since 1997. Email too. They've been really reliable. So it'd suck for them to go down because of some vigilante reaction to a botnet.

-B

Re:Kinda, yeah (3, Informative)

TheMidget (512188) | more than 4 years ago | (#31449546)

I've had a website hosted on Hurricane Electric since 1997. Email too. They've been really reliable.

Yeah, too bad they no longer are...

So it'd suck for them to go down because of some vigilante reaction to a botnet.

Indeed, that'll suck. I guess it's time now to shop around for a more trustworthy hosting provider?

Re:Kinda, yeah (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31450804)

I was worried about that too, since I've had hosting with HE, so I took a look at the routing history for Troyak's IPs.

Looks like any time Troyak spent transiting HE was limited to a couple hours. BGPlay shows AS50215's (Troyak) prefixes transited Nassist starting on the 10th. Shortly afterwards it looks like HE (6939) dropped those prefixes from Nassist, saw them from another peer, and then only saw them from Global Crossing (3549) (one of HE's transits). A little after that Nassist dropped the Troyak peering as well. Troyak's since had service with RTComm, and looks to be getting nuked from them too. From here it looks like an HE customer turned up a customer, found they were a bad apple and threw it back.

Stick 91.201.28.0/22 into BGPlay for an entertaining view of BGP routing and people cutting heads off a hydra.
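The routing-history walk the comment describes (who was directly upstream of Troyak, hour by hour, and when that changed) is a small exercise over a sequence of AS paths. The block below is an added example, not the commenter's tooling or BGPlay: the timeline is invented to follow the comment's narrative, and since the page gives no ASNs for Nassist or RTComm, placeholders from the private 64496-64511 range stand in for them. AS50215, AS6939, AS3549 and the prefix 91.201.28.0/22 are the values the comment names.

```python
"""Prefix-history walk like the BGPlay look-up described above, over a constructed sequence
of AS paths. Added example; the timeline is invented and the private-range ASNs are
placeholders for providers the comment names but does not number."""
from dataclasses import dataclass
from typing import Tuple

TROYAK = 50215                # AS50215, named in the comment
HURRICANE = 6939              # AS6939, named in the comment
GLOBAL_CROSSING = 3549        # AS3549, named in the comment
NASSIST_PLACEHOLDER = 64496   # placeholder; the real ASN is not given on the page
RTCOMM_PLACEHOLDER = 64497    # placeholder; the real ASN is not given on the page
PREFIX = "91.201.28.0/22"     # the prefix the comment suggests looking up


@dataclass(frozen=True)
class PathObservation:
    hour: int                 # hours since the start of the constructed timeline
    prefix: str
    as_path: Tuple[int, ...]  # collector side first, origin last


def origin_and_upstream(as_path):
    """Return (origin, immediate upstream). Repeated origin ASNs from path prepending are
    collapsed so a prepend is not mistaken for an upstream."""
    path = list(as_path)
    origin = path[-1]
    while len(path) > 1 and path[-2] == origin:
        path.pop()
    upstream = path[-2] if len(path) > 1 else None
    return origin, upstream


def upstream_timeline(observations, prefix):
    """For each hour, the set of ASNs seen directly upstream of the origin of `prefix`."""
    by_hour = {}
    for ob in observations:
        if ob.prefix != prefix:
            continue
        _, up = origin_and_upstream(ob.as_path)
        by_hour.setdefault(ob.hour, set())
        if up is not None:
            by_hour[ob.hour].add(up)
    return sorted(by_hour.items())


def transit_changes(observations, prefix):
    """Hours at which the origin's set of direct upstreams changed, with the new set."""
    changes = []
    previous = None
    for hour, ups in upstream_timeline(observations, prefix):
        if ups != previous:
            changes.append((hour, frozenset(ups)))
            previous = ups
    return changes


def hours_as_upstream(observations, prefix, asn):
    """Hours in which `asn` was the origin's direct upstream (the 'who is hosting it' question)."""
    return [hour for hour, ups in upstream_timeline(observations, prefix) if asn in ups]


def hours_in_path(observations, prefix, asn):
    """Hours in which `asn` appeared anywhere in the path (the 'who is carrying it' question)."""
    return sorted({ob.hour for ob in observations if ob.prefix == prefix and asn in ob.as_path})


# Constructed timeline following the comment's narrative (not real routing data):
#   h0  Troyak sits behind Nassist and HE reaches the prefix via Nassist directly.
#   h1  HE drops the Nassist-learned route and sees it only via Global Crossing -> Nassist
#       (Troyak is prepending its own ASN in this hour).
#   h3  Nassist drops the peering; Troyak reappears behind RTComm.
TIMELINE = [
    PathObservation(0, PREFIX, (HURRICANE, NASSIST_PLACEHOLDER, TROYAK)),
    PathObservation(1, PREFIX, (HURRICANE, GLOBAL_CROSSING, NASSIST_PLACEHOLDER, TROYAK, TROYAK)),
    PathObservation(2, PREFIX, (HURRICANE, GLOBAL_CROSSING, NASSIST_PLACEHOLDER, TROYAK)),
    PathObservation(3, PREFIX, (HURRICANE, GLOBAL_CROSSING, RTCOMM_PLACEHOLDER, TROYAK)),
    PathObservation(3, "192.0.2.0/24", (HURRICANE, GLOBAL_CROSSING, 64498)),  # unrelated prefix
]

if __name__ == "__main__":
    for hour, ups in transit_changes(TIMELINE, PREFIX):
        print(f"h{hour}: direct upstream(s) of AS{TROYAK} = {sorted(ups)}")
    print("HE in path at hours:", hours_in_path(TIMELINE, PREFIX, HURRICANE))
    print("HE as direct upstream at hours:", hours_as_upstream(TIMELINE, PREFIX, HURRICANE))
```

The two "hours" functions separate the question the comment is answering (HE was in the path because a customer of a customer turned up the prefix) from the one the parent poster worried about (HE as the provider hosting Troyak), which on this constructed timeline never happens.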

Pay your bills criminals! (0)

Anonymous Coward | more than 4 years ago | (#31449372)

To tell the truth, the only thing i got was that

these losers did not pay their Internet bills to take over the world like Stewie!

Stewie had the world and let it go!

Maybe now is good time to start building wall (1)

andot (714926) | more than 4 years ago | (#31449408)

We probably need to build a new great firewall around countries and ISPs hosting C&C nodes. Those are the same countries every time to which the botnet owners move their activity (names are in the article).

Re:Maybe now is good time to start building wall (0)

Anonymous Coward | more than 4 years ago | (#31449444)

Last I checked, firewalls kept unwanted traffic out — not in.

Re:Maybe now is good time to start building wall (2, Insightful)

andot (714926) | more than 4 years ago | (#31449522)

Firewalls work both ways, and you can always switch WAN and LAN cables :)

yGoU FAIL it? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31449416)

later s3en in

We are learning valuable things (1)

Arancaytar (966377) | more than 4 years ago | (#31449582)

When SkyNet comes, we will know how to fight it!

Really need to stop.... (1)

hesaigo999ca (786966) | more than 4 years ago | (#31450830)

Some people really need to stop posting what they are doing or about to do.... it gives a heads-up to the trojan writers on what to think of next to counter the attacks. I think it is a great feat nonetheless, but could we have really kept them down longer had we not had a play-by-play? Also, like the Borg, now they know the type of attack vectors that are being used against them, so they will adapt and figure out a new way to connect to command and control centers. I know I would have, had I just finished spending all my time on my botnet and someone figured out how to munch my communication to it.

A Modest Proposal (0)

Anonymous Coward | more than 4 years ago | (#31463186)

I posted a remark in the topic about New Zealand ISPs agreeing to filter. I think it fits better here.

A well-distributed botnet, with fast flux DNS switching, could be turned into a pretty good replacement for freenet, and an efficient way past these clumsy government-inspired filters. Somebody with a botnet could sell such a service.

There are several problems with trust. One is how to trust the owner with your credit card details. CCBill maybe?

Powerful malware on the zombie exit points ought to offer better assurance of anonymity than is available on the volunteer nodes of freenet.
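The fast-flux DNS switching the proposal leans on is also what makes such an infrastructure visible to whoever runs the resolver: the answer set for one name keeps changing, with short TTLs, across many unrelated networks. The block below is an added example from the resolver operator's side, not part of the post: the domain names, addresses, TTLs and thresholds are constructed, and a /24 is used as a crude stand-in for "different network" because an ASN lookup needs external data. A content delivery network is included as the edge case, since it also uses low TTLs but keeps a small, stable address set.

```python
"""Fast-flux indicators over a constructed series of DNS answers. Added example; the
domains, IPs, TTLs and thresholds are invented, not observations from the thread."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Tuple


@dataclass(frozen=True)
class Answer:
    t: int                 # seconds since the first query
    name: str
    ttl: int
    ips: Tuple[str, ...]   # A records returned in this response


def slash24(ip):
    """Coarse network key; an ASN lookup would be better but needs external data."""
    return str(ip_address(ip)).rsplit(".", 1)[0] + ".0/24"


def flux_indicators(answers, name):
    """Summarise the answers seen for `name`: address spread, network spread, TTL, churn."""
    obs = sorted((a for a in answers if a.name == name), key=lambda a: a.t)
    if not obs:
        raise ValueError(f"no answers for {name}")
    ips = {ip for a in obs for ip in a.ips}
    nets = {slash24(ip) for ip in ips}
    mean_ttl = sum(a.ttl for a in obs) / len(obs)
    # Share of consecutive responses whose address set differs from the previous one.
    changes = sum(1 for p, n in zip(obs, obs[1:]) if set(p.ips) != set(n.ips))
    churn = changes / (len(obs) - 1) if len(obs) > 1 else 0.0
    return {"unique_ips": len(ips), "unique_nets": len(nets), "mean_ttl": mean_ttl, "churn": churn}


def is_fast_flux(answers, name, max_ttl=300, min_ips=10, min_nets=5, min_churn=0.5):
    """Low TTL alone is not enough (CDNs use low TTLs too): require many addresses spread
    across many networks *and* a changing answer set. Thresholds are assumptions."""
    ind = flux_indicators(answers, name)
    return (ind["mean_ttl"] <= max_ttl
            and ind["unique_ips"] >= min_ips
            and ind["unique_nets"] >= min_nets
            and ind["churn"] >= min_churn)


# Constructed resolver log (not captured traffic).
FLUX = "proxy.flux.invalid"
CDN = "static.cdn.invalid"
ANSWERS = []
for i in range(6):
    # Flux name: five fresh addresses in five different /24s every 180 s (zombie exit points).
    ANSWERS.append(Answer(i * 180, FLUX, 180, tuple(f"192.0.{i * 5 + k}.{10 + i}" for k in range(5))))
    # CDN name: the same three addresses in one /24 with a 60 s TTL.
    ANSWERS.append(Answer(i * 180, CDN, 60, ("198.51.100.1", "198.51.100.2", "198.51.100.3")))

if __name__ == "__main__":
    for name in (FLUX, CDN):
        print(name, flux_indicators(ANSWERS, name), "fast-flux" if is_fast_flux(ANSWERS, name) else "normal")
```

The churn and network-spread terms are what keep the CDN out of the alert: it fails every threshold except TTL, while the flux name trips all four.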
