In recent weeks, there has been a marked increase in efforts to disrupt botnets, with Microsoft utilizing legal channels and Spanish authorities arresting botnet administrators. Approximately one quarter of the computers currently part of the Zeus botnet have been knocked off-line after two Eastern European network providers cut off service to “their downstream customers,” according to an article on TheRegister.
Mary Landesman, researcher with ScanSafe who was recently acquired by Cisco, said that the disruption cut the connections of the servers used to control a significant proportion of the infected computers which make up the Zeus botnet. The number of active control servers for the Zeus botnet, determined using the Zeus Tracker, dropped by over 60, down to 181.
The two network service providers severed their ties with an ISP known as Troyak, which left customers unable to access the Internet.
“That’s a pretty interesting development and I think a very positive one, because they’re now putting the shared costs on the network service provider,” Landesman told TheRegister. “There’s not always a lot of impetus for these network service providers to take action, but as soon as you have such a severe repercussion where they’re actually not able to serve any of their customers, legitimate or otherwise, they’re now sharing in that cost.”