Troyak-AS and Peer activity

March 14, 2010 | Jaime Blasco

Last week Troyak-AS has been taken offline. The number of Zeus C&C servers has been decreasing steeply because of the coordinated operation.

Hereyou can find a list of AS50215 Troyak-as peers that conform the neighborhood of one of the most active cybercrime networks.

I want to share with you some graphs of these peers that shows the malicious activity of some of the AS’s involved on this network during Q1 of 2010.

The data has been extracted from one of Alienvault sandnets.

AS-42229 MARIAM-AS PP Mariam

AS-44107 PROMBUDDETAL-AS Prombuddetal LLC

AS-47560 VESTEH-NET-as Vesteh LLC

AS-50369 VISHCLUB-as Kanyovskiy Andriy


AS-8342 RTCOMM-AS RTComm.RU Autonomous System

Jaime Blasco

About the Author: Jaime Blasco

Jaime Blasco is a renowned Security Researcher with broad experience in network security, malware analysis and incident response. At AT&T Cybersecurity, Jaime leads the Alien Labs Intelligence and Research team that leads the charge of researching and integrating threat intelligence into detection mechanisms. Prior to working at AT&T, Jaime was Chief Scientest at AlienVault. Prior to that, he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. He is based in San Francisco. Jaime's work in emerging threats and targeted attacks is frequently cited in international publications such as New York Times, BBC, Washington Post and Al Jazeera.

Read more posts from Jaime Blasco ›


Get the latest security news in your inbox.

Subscribe via Email

Watch a Demo ›
Get Price Free Trial