March 13, 2010

Botnets rose from the dead

Operators were able to stop a criminal network provider, but only overnight. Misuse of the Internet to spread malicious code is a far graver threat than piracy, both in terms of public safety and in dollars and cents. It is a paradox that while the film and music industries demand that network providers man the barricades against pirates, few voices are raised to demand that network providers whose channels are used for really serious crime be ordered to cooperate in closing the criminal services. In recent weeks, however, two cases have turned up where this type of action has apparently been tried.
At the beginning of March, Microsoft went to court and obtained a court order that made it possible to shut down the sites behind the botnet known as Waledac. On Monday night this week, web monitoring firms including Cisco ScanSafe and RSA FraudAction confirmed that a network provider in Kazakhstan, Troyak, had suddenly been completely cut off from the outside world. Troyak delivers a range of criminal services and is home to many servers used to spread botnet Trojans, especially Zeus, which is behind a botnet of up to 100 million PCs. Cisco and RSA noted that the spread of Zeus stopped almost immediately.
The website abuse.ch, which runs a separate service that tracks Zeus, has since compiled these statistics:
[Chart: botnet]

The chart clearly shows that the closure was effective on 9 March, and even more effective on 10 March. Since then, it is clear that the spread of Zeus has picked up again.
RSA and Cisco confirm, in reports and in interviews with Dark Reading among others, that the closure of Troyak had a clear but time-limited effect on the Zeus botnet.
What actually caused Troyak to be cut off from the net has not been verified. Most likely, one or more of the operators of the regular networks that Troyak depends on took appropriate measures. In an interview with The Register, Cisco ScanSafe points to data from robtex.com suggesting that two network providers, IHome in Ukraine and Oversun Mercury in Russia, may have collaborated on the closure.
Although the effect of the measure was limited in time, both Cisco and RSA say that shutting down network providers that knowingly contribute to spreading malicious code is the way to go. Even if Zeus is resurrected one hundred percent, such closures help to increase the criminals' costs, and hence lower the profitability of the shady business behind viruses, worms and Trojans.
Another point is that it helps to raise awareness among network providers, so that they can no longer turn a blind eye to the crime happening in their networks.
