ZeroAccess botnet down for good?
Posted on 20.12.2013
When Microsoft and various law enforcement agencies around the world disrupted the ZeroAccess botnet at the beginning of December, they did not expect to fully eliminate it.

After all, the botnet had been targeted two months earlier by Symantec researchers, who managed to sinkhole a large chunk of it before its masters managed to update the bots and patch the security holes that allowed the researchers to do it.

Also, for a long time now, the botnet has been a very lucrative business for the criminals behind it, and they took great care to keep it running.

But, as Richard Boscovich, Assistant General Counsel with Microsoft's Digital Crimes Unit has shared in a blog post, the bot masters have seemingly given up on the botnet:

As we expected, less than 24 hours after our disruptive action, the cybercriminals pushed out new instructions to the ZeroAccess-infected computers in order to continue their fraud schemes.

However, because we were monitoring their actions and able to identify new Internet Protocol (IP) addresses the criminals were using to commit their crimes, Europol's European Cybercrime Centre (EC3) took immediate action to coordinate with member country law enforcement agencies, led by Germany's Bundeskriminalamt's (BKA) Cyber Intelligence Unit, to quickly track down those new fraud IP addresses.

After BKA's quick response, the bot-herders released one additional update to the infected computers that included the message "WHITE FLAG," which we believe symbolizes that the criminals have decided to surrender control of the botnet. Since that time, we have not seen any additional attempts by the bot-herders to release new code and as a result, the botnet is currently no longer being used to commit fraud.

Because of this development, Microsoft has asked the court to close the civil case they filed against the criminals, so that law enforcement can continue to investigate and hopefully track them down.

In the meantime, Microsoft is trying to help infected users clean their computers, as ZeroAccess is a sophisticated and difficult-to-remove piece of malware. Users are advised to follow the instructions detailed here.

