Microsoft and law enforcement agencies have teamed up to crack down on the ZeroAccess botnet, which has defrauded online advertisers of millions of dollars per month; however, the malicious network has not yet been completely eliminated.
ZeroAccess, also known as max++ and Sirefef, is a trojan that affects Microsoft Windows operating systems. The botnet downloads additional malware onto infected systems to carry out online scams such as click fraud, while remaining hidden on the infected machine.
Microsoft is working with law enforcement agencies, including Europol's European Cybercrime Centre (EC3) and the Federal Bureau of Investigation (FBI), as well as with A10 Networks, to disrupt the ZeroAccess botnet.
"ZeroAccess targets all major search engines and browsers, including Google, Bing and Yahoo," said Richard Domingues Boscovich, Microsoft digital crimes unit assistant general counsel. "ZeroAccess is one of the most robust and durable botnets in operation today, and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers."
ZeroAccess has affected a few million computers worldwide by hijacking search results on the Google, Bing and Yahoo search engines. The recent crackdown may significantly disrupt the botnet's operation. Research conducted by the University of California, San Diego suggests that as of October 2013, around 1.9 million computers were infected with ZeroAccess. Microsoft also determined that over 800,000 ZeroAccess-infected computers were active on the Internet on any given day.
Microsoft has also filed a civil suit against the cyber criminals operating the ZeroAccess botnet. The company received authorization from the U.S. District Court for the Western District of Texas to block incoming and outgoing communications between computer systems located in the U.S. and 18 identified Internet Protocol (IP) addresses being used for fraudulent activities.
The company has also taken control of 49 domains associated with the ZeroAccess botnet.
Computer systems are typically infected with ZeroAccess as a result of visiting websites hosting malicious software. Given the sophistication of the criminal network, Microsoft expects the legal and technical actions taken to significantly disrupt the operation but not wipe it out.