Microsoft 'disrupts' ZeroAccess, one of the world's largest botnets

Two million infected computers cost advertisers £1.7m each month through click fraud, whilst also targeting the public through infected search results
  • @jjvincent

One of the world’s largest botnets has been disrupted thanks to a joint campaign by Microsoft and law enforcement agencies.

The ZeroAccess botnet, sometimes known as Sirefef, has infected more than two million computers since its creation and cost online advertisers an estimated $2.7 million (£1.7m) per month.

Botnets are networks of infected computers that criminals use to carry out various types of online fraud. ZeroAccess worked by targeting and infecting search results from Google, Bing and Yahoo, as well as committing 'click fraud' - forcing advertisers to pay for clicks on their banners from automated web traffic.

This is Microsoft’s eighth major botnet operation in the past three years, and the first since it unveiled its new Cybercrime Center on 14 November. A previous joint strike between Microsoft and the FBI targeted the Citadel botnet responsible for stealing more than $500 million from bank accounts worldwide.

Working alongside international law enforcement and industry partners, the operation took control of 49 domains associated with ZeroAccess and attained multijurisdictional warrants from Europol to seize computer servers associated with fraudulent IP addresses in Europe.

However, Microsoft admit that they are not able to fully neutralise the threat posed by ZeroAccess.

“Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers,” said Microsoft in an official statement.

However, the company stated that the operation “will significantly disrupt the botnet’s operation” and recommended visiting Microsoft support if users suspect their computers are infected.

"Because Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or antivirus software as quickly as possible."