Ukrainian ISP servers shut down

The ISP's servers were reportedly at the centre of a set of botnets operated by the Zlob (aka DNSChanger) family of Trojans.
Tim Fitzpatrick, a spokesperson for the FPL Group, FiberNet's parent operation, is quoted by the Washington Post as saying that UkrTeleGroup's peering connections were terminated due to its violation of the company's terms of agreement.
The DNSChanger Trojan usually consists of 1.5 kilobytes file that is designed to change the 'NameServer' Registry key value to a custom IP address.
This IP address, Infosecurity understands, is usually encrypted in the body of a Trojan. As a result of this change a victim's PC will contact the newly assigned DNS server to resolve names of different web servers.
The web server IP addresses are generally found to be fake, and are really web sites designed to capture personal data that includes payment card details and social security numbers.
This is not the first time that an Eastern European ISP has had its internet connection revoked.
Last year saw estDomains, the infamous McColo ISP, which served as a home for the command and control servers for multiple botnets, was disconnected from the internet.

What’s Hot on Infosecurity Magazine?