Three command-and-control (C&C) servers, which are feeding instructions to computers infected with the Zeus trojan, still are operational despite a Microsoft-led effort to disable the botnet, according to researchers at security firm FireEye.
Late last month, US Marshals led the raid on hosting locations where they confiscated C&C servers and took down two key IP addresses in the process.
In addition, as a result of the seizure, Microsoft assumed control of some 800 domains involved with the servers, a process known as sinkholing.
Atif Mushtaq, a senior staff scientist at FireEye, said in a blog post this week that the company has tracked more than 150 domains used by the botnet.
But researchers found that despite the dismantling, three domains associated with Zeus remain live.
Botnets sometimes are able to stay alive by hiding behind fast-flux, or constantly changing, domains, but Mushtaq seems perplexed as to exactly why these three have been so resilient.
"[Microsoft's] main concern should be the three active domains," Mushtaq wrote. "Without these domains completely destroyed, this botnet can not be officially declared as dead."
A Microsoft spokeswoman did not immediately respond to a request for comment.
_(33).jpg&h=140&w=231&c=1&s=0)
_(36).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
_(1).jpg&h=140&w=231&c=1&s=0)
