A friend over MDL just informed me today that another bulletproof hoster called GR-VERTICAL-AS Group Vertical Ltd (AS49365) has gone offline this night. Back in october 2009 I wrote a blog post about this ISP (see Source of badness: Group Vertical Ltd (AS49365)) and described how bad this ISP is. A few days later, Groupe Vertical has been disconnected from the internet. Unfortunately, the bad guys just managed to get online again.
Now it seems that this night their upstream provider VLineTelecom LLC Moscow (AS39150) just cut their peering with Group Vertical:
This AS is not currently used to announce prefixes in the global routing table, nor is it used as a visible transit AS.
Prefixes added and withdrawn by this origin AS in the past 7 days.
– 22.214.171.124/24 Withdrawn
As of yesterday, this ISP has hosted 20 ZeuS C&C servers in their subnet:
Due to the fact that Group Vertical is offline again, the number of active ZeuS C&C server will just drop again today! But there is even more work left to do:
- AS49544 (INTERACTIVE3D-AS Interactive3D)
- AS29371 (GAZTRANZITSTROYINFO-AS LLC _Gaztransitstroyinfo_)
- AS34305 (EUROACCESS Euroaccess Global Autonomous System)
Let’s see how long these ISPs will stay online….