Vishant Patel of Microsoft's Digital Crimes Unit shows a heatmap of the Citadel botnet, a previous target of Microsoft's Cybercrime Center.
Vishant Patel of Microsoft's Digital Crimes Unit shows a heatmap of the Citadel botnet, a previous target of Microsoft's Cybercrime Center.

Microsoft 'disrupts' ZeroAccess, one of the world's largest botnets

Two million infected computers cost advertisers £1.7m each month through click fraud, whilst also targeting the public through infected search results

James Vincent
Friday 06 December 2013 10:52

One of the world’s largest botnets has been disrupted thanks to a joint campaign by Microsoft and law enforcement agencies.

The ZeroAcess botnet, sometimes known as Sirefef, has infected more than two million computers since its creation and cost online advertisers an estimated $2.7 million (£1.7m) per month.

Botnets are networks of infected computers that criminals use to carry out various types of online fraud. ZeroAccess worked by targeting and infecting search results from Google, Bing and Yahoo, as well as committing 'click fraud' - forcing advertisers to pay for clicks on their banners from automated web traffic.

This is Microsoft’s eighth major botnet operation in the past three years, and the first since it unveiled its new Cybercrime Center on 14 November. A previous joint strike between Microsoft and the FBI targeted the Citadel botnet responsible for stealing more than $500 million from bank accounts worldwide.

Working alongside international law enforcement and industry partners, the operation took control of 49 domains associated with ZeroAccess and attained multijurisdictional warrants from Europol to seize computer servers associated with fraudulent IP addresses in Europe.

However, Microsoft admit that they are not able to fully neutralise the threat posed by ZeroAccess.

“Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers,” said Microsoft in an official statement.

However, the company stated that the operation “will significantly disrupt the botnet’s operation" and recommend visiting Microsoft support if users suspect their computers are infected.

"Because Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or antivirus software as quickly as possible."

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in