The ZeroAccess botnet is one of the largest known botnets in existence today, with a population upwards of 1.9 million computers on any given day, as observed by Symantec in August 2013. A key feature of the ZeroAccess botnet is its use of a peer-to-peer (P2P) command-and-control (C&C) communications architecture, which gives the botnet a high degree of availability and redundancy.
ZeroAccess: the courier service
Given its construction and behavior, ZeroAccess appears to be primarily designed to deliver payloads to infected computers. In a ZeroAccess botnet, the productive activity (from an attacker’s point of view) is performed by the payloads downloaded to compromised computers, which boil down to two basic types, both aimed at revenue-generating activities.
Click fraud
One type of payload we’ve seen is the click fraud Trojan. The Trojan downloads online advertisements onto the computer and then generates artificial clicks on the ads as if they were generated by legitimate users. These false clicks count for pay-outs in pay-per-click (PPC) affiliate schemes.
Bitcoin mining
The virtual currency holds a number of attractions for cybercriminals. The way each bitcoin comes into existence is based on the carrying out of mathematical operations known as “mining” on computing hardware. This activity has a direct value to the botmaster and a cost to unsuspecting victims; we too
Source