Microsoft disrupts ZeroAccess web fraud botnet


Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
BBC News said:
ZeroAccess, one of the world's largest botnets - a network of computers infected with malware to trigger online fraud - has been disrupted by Microsoft and law enforcement agencies.

ZeroAccess hijacks web search results and redirects users to potentially dangerous sites to steal their details.

It also generates fraudulent ad clicks on infected computers then claims payouts from duped advertisers.

Also called the Sirefef botnet, ZeroAccess has infected two million computers.

The botnet targets search results on Google, Bing and Yahoo search engines and is estimated to cost online advertisers $2.7m (£1.7m) per month.

Microsoft said it had been authorised by US regulators to "block incoming and outgoing communications between computers located in the US and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes".

In addition, the firm has also taken control of 49 domains associated with ZeroAccess.

David Finn, executive director of Microsoft Digital Crimes Unit, said the disruption "will stop victims' computers from being used for fraud and help us identify the computers that need to be cleaned of the infection".

Read more: http://www.bbc.co.uk/news/technology-25227592
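Added example, not from the BBC article or from this thread: the quoted Microsoft statement says the disruption blocks traffic to the identified IP addresses and seized domains and helps identify the computers that still need cleaning. The script below shows how a defender would do that second part from their own side, by matching firewall and DNS log lines against an indicator list. All IP addresses, domains, and log lines here are constructed placeholders (RFC 5737 documentation ranges and .test/.example names), not real ZeroAccess infrastructure, and the key=value log format is an assumption.

```python
"""Flag internal hosts that tried to reach blocklisted botnet infrastructure.

Added example; the indicators and log lines are constructed placeholders,
not the real IPs or domains involved in the ZeroAccess disruption.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Constructed placeholder indicators (documentation ranges / reserved TLDs).
BLOCKED_IPS: Set[str] = {"192.0.2.10", "198.51.100.7"}
BLOCKED_DOMAINS: Set[str] = {"example-bad.test", "sinkhole-me.example"}

# Constructed firewall and DNS resolver log lines in an assumed key=value format.
SAMPLE_LOGS = """\
ts=2013-12-06T10:00:01Z src=10.0.0.5 dst=192.0.2.10 dport=8080 proto=udp action=deny
ts=2013-12-06T10:00:02Z src=10.0.0.5 dst=203.0.113.9 dport=443 proto=tcp action=allow
ts=2013-12-06T10:00:03Z src=10.0.0.8 query=www.sinkhole-me.example qtype=A
ts=2013-12-06T10:00:04Z src=10.0.0.9 query=www.example.org qtype=A
ts=2013-12-06T10:00:05Z src=10.0.0.5 dst=198.51.100.7 dport=8080 proto=udp action=deny
"""


def parse_line(line: str) -> Dict[str, str]:
    """Turn one 'key=value key=value ...' line into a dict (assumed format)."""
    return {m.group(1): m.group(2) for m in re.finditer(r"(\w+)=(\S+)", line)}


def domain_is_blocked(name: str, blocked: Set[str]) -> Optional[str]:
    """Return the blocklist entry that 'name' equals or is a subdomain of."""
    host = name.lower().rstrip(".")
    for entry in blocked:
        if host == entry or host.endswith("." + entry):
            return entry
    return None


def indicator_for(rec: Dict[str, str]) -> Optional[str]:
    """Return the matching indicator for a parsed record, or None."""
    dst = rec.get("dst")
    if dst is not None:
        try:
            ipaddress.ip_address(dst)  # skip malformed destination fields
        except ValueError:
            return None
        return dst if dst in BLOCKED_IPS else None
    query = rec.get("query")
    if query is not None:
        return domain_is_blocked(query, BLOCKED_DOMAINS)
    return None


def find_infected(log_text: str) -> Dict[str, List[str]]:
    """Map each internal source host to the sorted indicators it contacted."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        indicator = indicator_for(rec)
        if indicator is not None and "src" in rec:
            hits[rec["src"]].add(indicator)
    return {src: sorted(inds) for src, inds in sorted(hits.items())}


if __name__ == "__main__":
    for src, inds in find_infected(SAMPLE_LOGS).items():
        print(f"{src}: contacted blocked infrastructure {', '.join(inds)}")
```

The point of matching on both destination IPs and DNS queries is that a host whose outbound connection was already denied at the firewall still shows up, so the cleanup list is driven by attempts, not successes, which is the same logic behind blocking the 18 addresses while still identifying the machines that tried to reach them.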
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,155
The malware authors pushed out a plugin right after the action described above to put the botnet back online and functional (remember, this is a P2P botnet, so it can't be taken down as such by killing a C&C or dropzone).

They subsequently pushed another update out yesterday with the message "WHITE FLAG". I assume that they felt that continuing with this system was not worthwhile in light of all this attention. After all, the ZA bot has been around and functional for years (see the below for the initial detection) and no doubt already exceeded all expectations.

Initial Detection:

http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99

But two years later they were still trying to deal with it:

http://www.symantec.com/connect/blogs/grappling-zeroaccess-botnet

You may notice that Bitcoin Mining was added recently to the list of Frauds perpetrated by this malware, and this by way of another plugin.

But anyway, the WhiteFlag message probably just means the authors agree to take ZA down while starting up something more state of the art.