Microsoft,Europol,FBI and partners decapitated ZeroAccess botnet

Microsoft Digital Crimes Unit, FBI, Europol and industry partners decapitated the feared ZeroAccess botnet that hijacks search results

Microsoft this week has announced that thanks to a joint operation of its Digital Crimes Unit and the Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3) and technology companies has decapitated ZeroAccess botnet.

The ZeroAccess botnet is considered one of most insidious malicious architecture that has infected nearly two million systems all over the world, the majority of computers ZeroAccess has infected have been located in the U.S. and Western Europe. Richard Domingues Boscovich, assistant general counsel with Microsoft Digital Crimes Unit, estimated that ZeroAccess cost online advertisers upwards of $2.7 million each month.

Trojan. ZeroAccess malware uses an advanced rootkit to hide itself and it is able to download more malware and opens a backdoor on the victim computer.
The name ZeroAccess derives from a string found in the kernel driver code that is pointing to the original project folder called ZeroAccess, it is distributed through several means including compromised websites, redirecting traffic to malicious websites that host the trojan and distribute it using exploit kit such as the Blackhole Exploit Toolkit. The ZeroAccess bot exploits a “drive-by download” scheme for infection process and is able to update itself through peer-to-peer networks.

The support of P2P protocol allows cyber criminals to control the botnet remotely from tens of thousands of different computers.

The monetization process behind the ZeroAccess botnet is a classic pay per click advertising, the malware download an application that conducts Web searches and clicks on the results.

“This is known as click fraud, which is a highly lucrative business for malware creators.” states the Symantec advisor on the agent.

Almost every search engine and browser was targeted by ZeroAccess including Google, Bing and Yahoo.

“Computers can also become infected through counterfeit and unlicensed software, where criminals disguise ZeroAccess as legitimate software, tricking a person into downloading the ZeroAccess malware onto their computer.” “Because Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or anti-virus software as quickly as possible,” Boscovich added,

Due the high sophistication of ZeroAccess malware, Microsoft security experts believe that the threat isn’t definitively eradicated, the investigation on the ZeroAccess botnet is still ongoing thanks to the support of law enforcement and private security firms.

Pierluigi Paganini

(Security Affairs – ZeroAccess, Botnet)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.