Russian crimeware host is knocked off the web
- 17 May 2010
A Russian internet host reportedly popular with gangs who stole online bank logins has been taken offline.
The PROXIEZ-NET service had previously advertised itself as immune to attempts to shut it down.
Mikko Hypponen, chief research officer at F-Secure, said the development was "very nice".
He warned that those who used the host for malicious purposes will almost certainly "already be switching to a different service."
Mr Hypponen said that PROXIEZ "have been known to be involved in various nasty businesses".
"We've noticed them in connection with Zeus, a toolkit written and sold by a Russian software engineer, which enables people to do keylogging to grab PayPal, eBay and online banking passwords," he said.
According to Mr Hypponen, the Zeus software itself is not illegal, but can be used for malicious purposes.
He said that PROXIEZ has been used as a host for the keylogging software, as well as a means of collecting "and maintaining keylogged information" through what are known as botnets.
Key-logging software is popular among thieves as a way to steal users' online bank login data.
It involves installing a small program on a computer, which records all keystrokes, and sends the details to the computer hacker.
But so-called crimeware or malware would be useless without a means for the criminal gangs behind it to gather the information.
Rupert Goodwins, editor of ZDNet UK, said this marked "another skirmish in the fight to decapitate the malware networks, in this case by disconnecting the control networks used to co-ordinate trojans and rootkits".
Malware "has to report back to base for instructions and to deliver its goods," he said.
"Cutting off that connection can disable entire networks in one go, but if the malware has the ability to find or create other connections then things can swiftly get back to (ab)normal."
Security response manager Patrick Fitzgerald at the security company Symantec said this was "a positive step in the fight against botnets like Zeus".
But he also warned that the benefits might be short-lived as information thieves move their command and control to more sympathetic internet service providers (ISPs).
He added that PROXIEZ-NET "basically looks like its own ISP that was issuing web addresses for all purposes.
"There are bound to be some legitimate services on that site that will suffer as a result of this."