ZeroAccess botnet down for good?
Posted on 20.12.2013
When Microsoft and various law enforcement agencies around the world disrupted the ZeroAccess botnet at the beginning of December, they did not expect to fully eliminate it.

After all, the botnet had been targeted two months earlier by Symantec researchers, who managed to sinkhole a large chunk of it before its masters were able to update the bots and patch the security holes that had allowed the researchers to do so.

Also, for a long time now, the botnet has been a very lucrative business for the criminals behind it, and they took great care to keep it running.

But, as Richard Boscovich, Assistant General Counsel with Microsoft's Digital Crimes Unit, has shared in a blog post, the bot masters have seemingly given up on the botnet:

As we expected, less than 24 hours after our disruptive action, the cybercriminals pushed out new instructions to the ZeroAccess-infected computers in order to continue their fraud schemes.

However, because we were monitoring their actions and able to identify new Internet Protocol (IP) addresses the criminals were using to commit their crimes, Europol’s European Cybercrime Centre (EC3) took immediate action to coordinate with member country law enforcement agencies, led by Germany’s Bundeskriminalamt’s (BKA) Cyber Intelligence Unit, to quickly track down those new fraud IP addresses.

After BKA’s quick response, the bot-herders released one additional update to the infected computers that included the message “WHITE FLAG,” which we believe symbolizes that the criminals have decided to surrender control of the botnet. Since that time, we have not seen any additional attempts by the bot-herders to release new code and as a result, the botnet is currently no longer being used to commit fraud.

Because of this development, Microsoft has asked the court to close the civil case they filed against the criminals, so that law enforcement can continue to investigate and hopefully track them down.

In the meantime, Microsoft is trying to help infected users clean their computers, as ZeroAccess is a sophisticated and difficult-to-remove piece of malware. Users are advised to follow the instructions detailed here.










Copyright 1998-2014 by Help Net Security.