Just without a comment.
If you want to see the whole statistic you can take a look on it on the ZeuS Tracker statistic page (link).
The webserver which is hosting abuse.ch and ZeuS Tracker is currently under high system load due to a ongoing DDoS attack against the blog (abuse.ch). The DDoS has started yesterday 02:00 pm (UTC):
The origin seems to be the same as last time (see previous post “DDoS Angriff & Joe Job gegen abuse.ch (german)”). Fact is, that the bots are using the same user agents as during the attack last year:
FAST-WebCrawler/3.8 (atw-crawler at fast dot no; http://i.love.teh.cock/support/crawler.asp)
Mozilla/5.0 (Slurp/cat; email@example.com; http://www.supercocklol.com/slurp.html
Mozilla/4.0 compatible ZyBorg/1.0 (firstname.lastname@example.org; http://www.lolyousuck.com)
If we google the user agent above we will find some interesting information about the origin of the DDoS attack:
“Letâ€™s take a look at yet another bot originating from the Mother Russia. Itâ€™s called Illusion, and it has a nice and clear GUI tool for configuration that even an idiot (you could argue that only idiots use malware anyway) can use.”
Source: MWBlog: “Illusion – Now you see me, now you donâ€™t”
Currently it seems that the DDoS mitigation was successfull so that abuse.ch is now up and running again (but unfortunately with a high response time because the DDoS attack still goes on). Let’s see what happens in the next few hour/days.