Sponsored by..

Tuesday, 13 October 2009

Piradius.net running Zbot infrastructure servers

Piradius.net appears to be up to its dark grey hat antics again with a server at which is providing services to the current run of Zbot trojans, as seen (for example) with this recent ThreatExpert report.

Robtex reports the the server is also being used as the NS for a number of Zbot related domains, notably x2dns.ru, cedns.ru, updata-1.com, admin-systems.com, db-1.net, upd01.net, ssl-updates.net and several others connected with this spam run. is also the download server for various Zbot components.

Although Piradius.net probably has many legitimate customers (primarily from Malaysia, Thailand and South-East Asia), it seems to have a lot of bad ones too (including Yohost.org). Prudent network administrators may want to consider blocking - which will probably not cause too many problems.


Αλέξανδρος said...
This comment has been removed by the author.
Sundae said...


The IP seems to be offline, couldn't find any suspicious activities in it......Piradius is terminating all bad user isn't it?

Piradius said...

On behalf of Piradius, the user was terminated since last year 2009 early October when we received a notification from Spamhaus telling us that the this is bad user. The user was banished from our network.