Trusteer reports US and Russia now primary sources of Zeus servers

Amit Klein, CTO of the in-browser IT security software specialist, says that the US (39.8%), Russia (21.6%) and Ukraine (6.5%) were the top three countries, with Eastern Europe accounting for 32.0% of Zeus configurations.

"That doesn't mean other countries are off the hook, as China, Malaysia, Iraq and Canada – along with Germany, the UK and the Netherlands in the EU territories – are also responsible for web sites with hosted Zeus environments", he said.

Klein went on to say that analysis of the 20 organisations that account for over half of the C&C controllers reveals that five of the 20 service providers – Informex, PAN-SAM Ltd., S.Point, LLC Management, and Delta-X LTD – are on the Ukrainian networks and responsible for 16% of Zeus C&C servers.

"Another five service providers are on the US networks and responsible for 14% of Zeus C&C systems, with GoDaddy.com accounting for a hefty 5% of American Zeus C&C sites", he said in his security blog.

Further analysis of sites IP-accessible over the last 80 days, he added, makes for some interesting reading, as 29% were found to be US websites, with Ukraine (17%) and Russia (14%) once again joining the US on the Zeus hall of shame podium.

Dipping into the Trusteer research reveals some interesting data, such as the UK accounting for 6%, and the rising technology nation of Poland accounting for 5% of ping-accessible C&C systems.

Equally surprising, says Klein, was the inclusion of Bosnia and Herzegovina in the 'charts' with 3% – no mean feat for a country of 3.8 million citizens, he added.

"More than anything, these detailed statistics show that the 'global internet' is fast becoming highly diversified, but the increasing usage of automated registration and servicing systems on the Internet means that human operator monitoring of hosted systems is becoming less frequent in those countries with good internet access.

"As well as driving the cost of hosting downwards, this has the worrying effect of making it all too [easy] to register and set up a C&C and/or Zeus-infected web site plus allied systems, and using the platform to infect the general internet user community", he said.
