Botnet operators who lost access to servers in China have resurfaced in Russia, according to researchers at M86 Security.
A recent government crackdown in China appears to have forced many malware botnet operators to look elsewhere, and some registrars in Russia have apparently offered refuge.
M86 Security said that 5,000 new spam domains have been traced back to two Russian registrars in the past month. Among those who have moved to Russian providers are the operators of the Zeus malware.
"It used to be Chinese registrars, and now it has been a pretty dramatic shift," Bradley Anstis, vice president of technology strategy at M86 Security, told V3.co.uk.
"Back in Russia it is kind of the same old names. These registrars have been around for a while."
Principal operations tied to the new Russian registrars are botnet spam campaigns, online casinos and online pharmacy operations.
The shift follows a clampdown on cyber crime operations in Eastern Europe and Asia. Aside from the efforts by China, authorities in Eastern Europe have sought to drive cyber criminals out of the region.
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws