ZeroAccess Botnet Down, But Not for Long
Last week saw major changes in the attempts to destroy a giant botnet called “ZeroAccess”. Microsoft and European authorities have joined forces, believing that this collaboration will significantly increase the chances of success. The botnet currently has a pool of more than 2 million computers. Cybercrime units from Latvia, Switzerland, Germany and Holland, as well as Europol’s European Cybercrime Centre (EC3), are the most active participants among the government authorities. The interest from the Latvian, Swiss, German and Dutch authorities can be explained by the fact that these nations hosted many of the servers used to control the botnet.
It is believed that 8 persons are behind the “ZeroAccess” project. Microsoft Corporation has already filed a civil lawsuit in an attempt to find out their identities and to block the communications between the botnet’s computers. This information was provided by the EC3, which has recently published a report on the current situation.
The software behind the “ZeroAccess” botnet was developed in 2009. At first it was a malware delivery platform created to distribute other malicious programs, e.g. scareware. The current version of the botnet software is known as “Sirefef” or “ZAccess”. The developers have improved the software significantly since its introduction in the late 2000s; as a result, the law enforcement organizations and Microsoft are fighting a really sophisticated threat. For example, due to improvements made a couple of years ago, the botnet computers are currently involved in a scam called “click fraud”, in which infected PCs illegally generate clicks on advertisements.
Unfortunately, the collaboration between Microsoft and Europe’s law enforcement organizations won’t guarantee instant success. Despite the fact that some of the botnet servers were shut down this week, it is very unlikely that these actions will have a great impact on the whole network, as the new versions of ZeroAccess are not that vulnerable. Their resilience comes from the botnet’s peer-to-peer (P2P) architecture: with no central command server to seize, an infected PC that stops responding is simply bypassed by the others. As a result, far more extensive measures are needed in order to disrupt the botnet. These improvements just go to show that a lot of challenges lie ahead for those fighting the “ZeroAccess” botnet.