Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

Microsoft takedown of Zeus botnets missed a few C&Cs

Posted on 04.04.2012

When Microsoft, the financial services industry and Kyrus Tech teamed up to sinkhole a number of worldwide botnets using the Zeus family of malware, they managed to get the court's permission to seize the C&C servers in two hosting locations in the US.

But, according to FireEye's Atif Mushtaq, they haven't succeeded in taking down all of them, and of the remaining nine of one particular botnet, three (isdfsrttyqza.c0m.li, mylemain.com and stockli.us) are still active and sending out commands to zombie computers.

Mushtaq says that it is no wonder, as this particular Zeus variant is known for rapidly changing its C&C servers.

Two of the servers still out of reach of Microsoft are no longer resolving to an IP address, and four have been abandoned.

"I am not sure why the MS Digital Crime Unit has not been able to sinkhole all the C&C domains," he says. "Their main concern should be the three active domains. Without these domains completely destroyed, this botnet can not be officially declared as dead."