Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday, 10 November 2009 running Zbot infrastructure servers

From the desk of, here Piradius goes again, comes news of their yet again providing housing to Zbot infrastructure .... sorry Piradius, what was that, you're a legit ISP? Well the evidence we've seen over the months says otherwise I'm afraid. appears to be up to its dark grey hat antics again with a server at which is providing services to the current run of Zbot trojans, as seen (for example) with this recent ThreatExpert report.

Robtex reports the the server is also being used as the NS for a number of Zbot related domains, notably,,,,,, and several others connected with this spam run. is also the download server for various Zbot components.

Read more

1 comment:

Piradius said...

On behalf of Piradius, the user was terminated since last year 2009 early October when we received a notification from Spamhaus telling us that the this is bad user. The user was banished from our network.