December 6, 2013
Microsoft, FBI, Int’l Law Agencies Work Together To Disrupt Botnets
Peter Suciu for redOrbit.com - Your Universe Onlinemalware to trigger online fraud, remains one of the world’s largest botnets in the world and is used to hijack web search results and redirect users to potentially dangerous sites. From these sites, hackers can access users’ personal data, while the botnets also generate fraudulent ad clicks on infected computers, resulting in payout from advertisers for the false results.
Also known as Sirefef botnet, ZeroAccess has infected more than two million computers worldwide; it largely operates by targeting search results on Google, Bing and Yahoo!. It costs online advertisers as much as $2.7 million per month.
It was reported on Friday that Microsoft, working with A10 networks as well as the FBI and Europol -- the European Union’s law enforcement agency -- has stepped up efforts to target botnet operators. The software company coordinated actions to target 18 computer IP addresses across Europe, and Europol worked with local law enforcement in Latvia, Luxembourg, Switzerland, the Netherlands and Germany to execute the search warrants and seizures.
“The coordinated action taken by our partners was instrumental in the disruption of ZeroAccess; these efforts will stop victims’ computers from being used for fraud and help us identify the computers that need to be cleaned of the infection,” said David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit in a statement. “Microsoft is committed to working collaboratively — with our customers, partners, academic experts and law enforcement — to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world.”
Microsoft has also filed a lawsuit in the US District Court for the Western District of Texas against eight unnamed “John Doe” defendants.
This lawsuit, which was filed on November 25, alleges these defendants had used infected computers to commit distributed denial-of-service (DDoS) attacks as well as identity theft. Even with these efforts, the company warned it might not be enough to completely bring down the ZeroAccess botnet.
“Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today, and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers,” Richard Domingues Boscovich, assistant general counsel, Microsoft Digital Crimes Unit, posted via the Official Microsoft Blog on Thursday. “Most often, computers become infected with ZeroAccess as a result of ‘drive-by-downloads,’ where the cybercriminals create a website that downloads malware onto any unprotected computer that happens to visit that site. Computers can also become infected through counterfeit and unlicensed software, where criminals disguise ZeroAccess as legitimate software, tricking a person into downloading the ZeroAccess malware onto their computer.”
This battle, however, was not fought by Microsoft. In October computer security firm Symantec announced it had reclaimed 500,000 so-called “zombie” computers from the ZeroAccess botnet.
“The ZeroAccess botnet is one of the largest known botnets in existence today with a population upwards of 1.9 million computers, on any given day, as observed by Symantec in August 2013,” Symantec posted on its official blog in October.
ZeroAccess was first identified in 2011 by Symanetc Corp., the largest maker of anti-malware software. It is known as a “Trojan horse” as this type of malware can hide itself on a PC. In addition to being used for click fraud, the malware can also be used to illicitly mine the virtual currency known as Bitcoin.