ZeroAccess botnet down for good?
Posted on 20.12.2013
When Microsoft and various law enforcement agencies around the world disrupted the ZeroAccess botnet at the beginning of December, they did not expect to fully eliminate it.

After all, the botnet had been targeted two months earlier by Symantec researchers, who managed to sinkhole a large chunk of it before its masters managed to update the bots and patch the security holes that allowed the researchers to do it.

Also, for a long time now, the botnet has been a very lucrative business for the criminals behind it, and they took great care to keep it running.

But, as Richard Boscovich, Assistant General Counsel with Microsoft's Digital Crimes Unit has shared in a blog post, the bot masters have seemingly given up on the botnet:

As we expected, less than 24 hours after our disruptive action, the cybercriminals pushed out new instructions to the ZeroAccess-infected computers in order to continue their fraud schemes.

However, because we were monitoring their actions and able to identify new Internet Protocol (IP) addresses the criminals were using to commit their crimes, Europol’s European Cybercrime Centre (EC3) took immediate action to coordinate with member country law enforcement agencies, led by Germany’s Bundeskriminalamt’s (BKA) Cyber Intelligence Unit, to quickly track down those new fraud IP addresses.

After BKA’s quick response, the bot-herders released one additional update to the infected computers that included the message “WHITE FLAG,” which we believe symbolizes that the criminals have decided to surrender control of the botnet. Since that time, we have not seen any additional attempts by the bot-herders to release new code and as a result, the botnet is currently no longer being used to commit fraud.

Because of this development, Microsoft has asked the court to close the civil case they filed against the criminals, so that law enforcement can continue to investigate and hopefully track them down.

In the meantime, Microsoft tries to help infected users clean their computers, as ZeroAccess is a sophisticated and difficult to remove piece of malware. Users are advised to follow the instructions detailed here.










Spotlight

How to keep your contactless payments secure

Posted on 19 September 2014.  |  Fraudsters can pickpocket a victim’s financial data using low-cost electronics that can fit into a rucksack. Here are the top security threats you should be aware of if you’re using a RF-based card, along with our top safety tips to keep your payments secure.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //