ISP takedown hamstrings Zeus malware

Security firms chalked up a victory Wednesday with the takedown of dozens of malware botnets.

Kazakhstan-based service provider Troyak was shut down Tuesday night, crippling six smaller ISPs which were helping to run botnets based on the Zeus malware infection.

A coalition of six anonymous security firms convinced host companies of Troyak to shut down the company's systems, an act which took down the command and control servers for 68 of the 249 known Zeus botnets, including the network used to steal US$415,000 from Bullitt County, Kentucky.

The takedown could deal a significant blow to criminals running Zeus. The malware has become notorious amongst security firms due to its ease of use and ability to inject code directly into otherwise legitimate files.

Cisco ScanSafe security researchers Henry Stern and Mary Landesman told V3.co.uk that while the takedown may not by itself have a long-term impact on numbers, the tactic of pressuring legitimate host companies to cut ties with shady service providers and botnet operators could pay big dividends in the fight against cybercrime.

"A bot is very cheap, but a router and a server are very expensive," explained Stern.

Additionally, security firms are hoping that by outing the companies who provide service for criminal activity, larger firms will crack down on their clients in order to preserve their corporate reputations.

"It can have a deterring impact because you're forcing a rise in the cost of doing business," said Landesman.

"When you go after the high level, it creates a financial impact for these legit companies."