Menu
Can't keep this bad boy down: ZeroAccess botnet back in business

Can't keep this bad boy down: ZeroAccess botnet back in business

After a six-month break the ZeroAccess botnet resumes click-fraud activity

A peer-to-peer botnet called ZeroAccess came out of a six-month hibernation this month after having survived two takedown attempts by law enforcement and security researchers.

At its peak in 2013, ZeroAccess, also known as Sirefef, consisted of more than 1.9 million infected computers that were primarily used for click fraud and Bitcoin mining.

That was until security researchers from Symantec found a flaw in the botnet's resilient peer-to-peer architecture. This architecture allowed the bots to exchange files, instructions and information with each other without the need for central command-and-control servers, which are the Achilles' heel of most botnets.

By exploiting the flaw, Symantec managed to detach over half a million computers from ZeroAccess in July 2013 and launched an effort to clean them up in cooperation with ISPs and CERTs.

In December that same year the FBI, Europol, Microsoft and several security vendors launched a second operation that further crippled the botnet and led to those behind it capitulating. The botnet operators actually sent an update to the infected machines that contained the message "WHITE FLAG."

"We believe [that action] symbolizes that the criminals have decided to surrender control of the botnet," Richard Domingues Boscovich, assistant general counsel with the Microsoft Digital Crimes Unit, said at the time in a blog post.

It didn't last long. Cybercriminals reactivated the botnet and used it between March 21 and July 2, 2014, but then -- silence. Until now.

The botnet was reactivated on January 15, when it "again began distributing click-fraud templates to compromised systems," researchers from Dell SecureWorks said in a blog post Wednesday.

To perpetrate click fraud, malware displays ads on infected computers and clicks on them, masking the clicks as legitimate user actions in order to generate advertising income for the botnet operators.

ZeroAccess is only a shadow of its former self, as the attackers did not attempt to infect new systems since December 2013. However, the new activity this year indicates that they haven't completely given up on it.

The Dell SecureWorks researchers observed 55,208 unique IP addresses participating in the botnet between January 17 and January 25 -- 38,094 corresponding to compromised 32-bit Windows systems and 17,114 to 64-bit systems. The top ten affected countries are Japan, India, Russia, Italy, the U.S., Brazil, Taiwan, Romania, Venezuela and Germany.

"Although the threat actors behind ZeroAccess have not made any measurable attempts to augment the botnet in more than a year, it remains substantial in size," the SecureWorks researchers said. "Its resiliency is a testament to the tenacity of its operators and highlights the danger of malware using P2P networks."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Dell SecureWorkssymantecMicrosoftsecuritymalwarefraud

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments