Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Srizbi botnet flounders after McColo shutdown

Head chopped off huge bot.

Article comments

Large numbers of infected computers have been searching in vain for the Srizbi botnet disrupted by the disconnection of ISP McColo a week ago, a security vendor has found.

According to FireEye Security, the company has detected a total of 450,000 compromised IP addresses have been trying to connect to Sribzi-controlled command and control computers that would have been hosted by McColo until it disappeared.

The company identifies Srizbi by monitoring computers that attempt to connect to IP addresses or from November 12 onwards, and recommends that admins check firewall logs to trace http traffic opening ports to these locations.

The majority of infected PCs will likely be poorly-protected consumer PCs, but in principle an IP connection attempts can come from any PC, servers included. If infected PCs are located on a network, the company cautions that cleaning a system might not be straightforward.

"Srizbi installs a rootkit that hides its changes to system files and registries. In environments where periodic system snapshots are taken, it will be easier to perform a system restore from a known clean snapshot," says a company blog.

Srizbi is only one of a number of high-profile botnets that have been severely disrupted by the de-peering of US-based ISP McColo, after complaints about its alleged hosting of criminal networks. In a working state, Srizbi would use compromised PCs to flood the world with spam.

It's not clear whether the news that McColo managed to fire into action briefly in recent days will have helped the botnet move its zombie PCs to new controllers hosted elsewhere.

FireEye explains its traffic-analysis system in more detail on its website, and has also published a list of tools for cleaning up PCs affected by Srizbi.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *