Well known ZeuS hosting ISP “Group Vertical” offline

A week ago I wrote a post about the well known rogue ISP Group Vertical (see “Source of badness: Group Vertical Ltd (AS49365)”), which was the top ZeuS hosting ISP over several months.

Today I took a look at the ZeuS statistics on the ZeuS Tracker and I was really surprised:

Number of ZeuS hosts after cut off AS49365

As you can see in the statistic above, the number of active ZeuS Command&Control servers (C&C) dropped sharply on 26 October 2009. My first thought was that there might be a problem with the ZeuS Tracker script. But after I took a look at the top ZeuS hosting ISPs on the ZeuS Tracker, I saw that all ZeuS Command&Control servers in the subnet of Group Vertical (AS49365) are offline. Finally I took a look at the CIDR Report for AS49365 and I was happy to see that this rogue AS is no longer being announced in the global BGP table:

Report for AS49365
Name GR-VERTICAL-AS Group Vertical Ltd

NOT Announced

This AS is not currently used to announce prefixes in the global routing table, nor is it used as a visible transit AS.
Prefixes added and withdrawn by this origin AS in the past 7 days.

– Withdrawn

Source: CIDR report for AS49365

So I guess that the Russian upstream provider Fiord cut off its peering with the rogue ISP Group Vertical on 26 October 2009. As a result, Group Vertical lost its internet connection and the number of active ZeuS Command&Control servers (C&C) dropped rapidly from 190 down to 148 worldwide. That's more than 40 ZeuS Command&Control servers which are now no longer reachable from the internet!
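One way to confirm such a drop against routing data instead of trusting the tracker count alone (the author's first worry was a script problem): correlate the C&C host list with a snapshot of announced prefixes and see which hosts no longer have any covering route. This is an added example, not code from the original post or from ZeuS Tracker; the RIB lines, host addresses and ASNs 64500/64501 are constructed sample data, and only AS49365 comes from the post.

```python
"""Correlate a C&C host list against a BGP RIB snapshot to find hosts whose
covering prefix is no longer originated by any AS, e.g. after an upstream
cuts off a rogue AS. All sample data below is constructed for illustration."""
import ipaddress
from collections import defaultdict

# Constructed RIB snapshot: one "prefix origin_as" per line, the way a route
# collector (or the CIDR report) lists currently announced routes.
RIB_SNAPSHOT = """\
198.51.100.0/24 64500
203.0.113.0/24 64501
"""

# Constructed tracker entries: C&C IP plus the AS that used to originate it.
CNC_HOSTS = [
    ("198.51.100.10", 64500),
    ("203.0.113.7", 64501),
    ("192.0.2.15", 49365),   # AS49365 (Group Vertical) has no route in the RIB
    ("192.0.2.200", 49365),
]

def parse_rib(text):
    """Return a list of (network, origin_as) for every announced prefix."""
    routes = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        prefix, asn = line.split()
        routes.append((ipaddress.ip_network(prefix), int(asn)))
    return routes

def longest_match(ip, routes):
    """Longest-prefix match; returns the origin AS, or None if unrouted."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None

def unroutable_by_as(hosts, rib_text):
    """Map each AS to the C&C hosts of that AS that have no route at all."""
    routes = parse_rib(rib_text)
    gone = defaultdict(list)
    for ip, asn in hosts:
        if longest_match(ip, routes) is None:
            gone[asn].append(ip)
    return dict(gone)

def reachable_count(hosts, rib_text):
    """Number of hosts still covered by an announced prefix."""
    routes = parse_rib(rib_text)
    return sum(1 for ip, _ in hosts if longest_match(ip, routes) is not None)
```

If the whole drop in active C&C servers is accounted for by hosts whose AS has vanished from the table, the tracker is reporting reality, not a scripting fault.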

McColo… Ural Industrial Company… Real Host… Group Vertical… Who’s next? 😛

