Swiss security blog Abuse.ch has reported that the worst Zeus botnet hosting ISP was taken off line yesterday, cutting the botnet’s number of servers from 249 to 181 – including the six worse ones.
Abuse.ch wrote: “As you can see in the chart above, on March 9th 2010, the number of active ZeuS C&C servers dropped from 249 to 181! The first thing I thought was: There has to be some problem with the ZeuS Tracker cron script. I checked the script – everything looked ok. So the massive drop of ZeuS C&C server is fact. I noticed that six of the worst ZeuS hosting ISP suddenly disappeared from the ZeuS Tracker.
“I verified the subnets of the affected ISP and came to the conclusion that Troyak-as (AS50215), the upstream provider for the six worst ZeuS hosting ISPs, was cut from the internet on 2010-03-09. “
“Massive Drop in Number of Active Zeus C&C Servers” here.
Tom Kelchner