Huge ‘Botnet’ Amputated, But Criminals Reconnect
But the victory was short-lived. Less than a day after a service known as "AS Troyak" was unplugged from the Internet, security researchers said Wednesday it apparently had found a way to get back online, and criminals were reconnecting with their unmoored machines.
The drama initially raised hopes of a sharp drop-off in fraud, because criminals could no longer communicate with many computers infected with a type of malware known as "ZeuS," which is mostly used to steal online banking usernames and passwords. Hundreds of criminal operations around the world use the malware.
It's unknown how many computers are infected with ZeuS, but it's estimated to be in the millions. Cisco Systems Inc. said as many as 25 percent of the world's ZeuS-infected machines were unplugged from the massive "botnet" overnight with the takedown of AS Troyak.
Botnets are networks of infected PCs that behave like criminals' remote-control robots. They steal identities en masse and are used to attack Web sites.
But instead of a slam-dunk victory, the incident wound up highlighting the whiplash pace at which criminals can resurrect their illicit businesses after what should have been a devastating setback.
RSA, the security division of EMC Corp., said dozens of malicious servers that criminals used to spread ZeuS were connected to the Internet by AS Troyak. The service inexplicably went dark Tuesday, severing the ties between criminals and ZeuS-infected machines under their control.
It's not publicly known who pulled the plug. It could have been law enforcement, security researchers, or even the criminals themselves if they decided to move their operations to other servers.
Shutting down malware operations is...
