A new research report by Sophos has revealed that the ZeroAccess botnet commands over 1 million zombie computers, an army that can earn its operators a staggering $100,000 in a single day.
The latest version of the malware is highly disruptive and has infected more than 9 million machines over its lifetime. Designed for click fraud, the ZeroAccess botnet first appeared in late 2010 and infects machines by posing as a clean-up action that users are lured into running themselves. Now that it has racked up an army of 1 million zombie machines, it has become far more powerful and even more disruptive.
The latest version of ZeroAccess differs from its predecessors, notably in dropping some of the rootkit-style features. It is built for large financial gain, and attacks on this scale are likely to persist.
“Although the network is peer-to-peer based, centralized servers are used to record installations and keep tabs on active infections. The authors take great pains to disguise network traffic to these servers as innocuous, ordinary traffic. Many aspects of ZeroAccess display the authors’ fondness [for] fall-back options and backups. There is always more than one way for ZeroAccess to start up on an infected machine; the droppers phone home in two different ways during installation; each time specific functionality needs a server address there is usually a backup address if the first cannot be reached,” says James Wyke of Sophos of the botnet.
As malware spreads like a pandemic across the internet, cybersecurity scares hit the headlines every other day. The ZeroAccess botnet has become apparently unstoppable, mutating and evolving as it bounces back and forth across the world. Rather than stealing financial data, it makes money through advertising: it forces hundreds of pop-up ads onto the screen and redirects users to advertising websites, earning money from each click on those ads.
Thankfully, some agencies and organizations, Microsoft among them, are working to fight and ward off these threats. The software giant recently ran an anti-botnet operation that disrupted Zeus botnet infrastructure. It has also gone after other major botnets and spam operations and dealt crushing blows to their operators; the two previous operations were the takedown of the Kelihos botnet and the shutdown of the Rustock spam network. Microsoft has done an excellent job of working with other agencies to help keep botnets and Trojan networks in check. In this latest operation it spent months working with officers from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the National Automated Clearing House Association (NACHA), the US electronic payments association. According to The Register, security researchers from F-Secure also played a major role in analysing the malware. During the raids, US Marshals flanked investigators as they entered the hosting firms to seize the equipment.