Microsoft, FBI and Europol Target ZeroAccess Botnet

By Bill Oliver - Source: Tom's IT Pro

Microsoft's Digital Crimes Unit (DCU), a cybercrime center, is working with the FBI, Europol, and technology industry partners to disrupt one of the world's largest and most persistent botnets, known as ZeroAccess.

If you haven't heard of the Digital Crimes Unit, you're not alone. It is not part of the FBI, CIA, NSA, DOJ, or any other three-letter law enforcement agency. The DCU is Microsoft's Cybercrime Center, unveiled in November of this year. Microsoft states that it has participated in eight botnet operations in the past three years, and the ZeroAccess disruption is its second botnet operation since the DCU was unveiled.

ZeroAccess (also known as Sirefef) is a Trojan horse that reaches users' computers through a variety of methods. One common method is through compromised websites that redirect visitors to malicious sites hosting ZeroAccess. Once a machine is infected, ZeroAccess makes money for the criminals through a click fraud scheme: the Trojan silently performs web searches from the infected machine and clicks on results and advertisements, so that sites run by the criminals fraudulently collect fees from pay-per-click advertisers.

According to Symantec's website, the original version of Trojan.ZeroAccess, discovered on 07/13/2011, affects every version of the Windows desktop operating system from Windows 2000 through Windows 7.

ZeroAccess is persistent and difficult to disrupt, and neither Microsoft nor its partners in this undertaking expect to eliminate the threat, which affects almost 2,000,000 machines. According to Microsoft's estimates, 800,000 ZeroAccess-infected computers are active on the Internet on any given day. The Trojan specifically targets search results on the major search engines, including Bing, Yahoo, and Google. The estimated cost to advertisers is $2.7 million per month.

While it is not expected to shut down the botnet's activity completely, the latest operation was designed to cripple and disrupt it enough to raise the cost and risk for the criminals behind it and to reduce the number of new infections.

About the Author

Bill Oliver has been working in Healthcare for the past 30+ years in a variety of management roles including Material Management, Purchasing, Nurse Registry, and IT. In the past 12 years his focus has been on the business end of IT Contracts, Software Licensing and Purchasing.


The joint operation between Microsoft, other technology companies, and both U.S. and European law enforcement is a step forward in attacking the problem on a global scale rather than regionally. Microsoft filed a civil suit in the U.S., while Europol simultaneously worked with multiple European governments to execute search warrants and seize computer servers connected with ZeroAccess.

"This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organizations and networks behind these dangerous botnets that use malicious software to gain illicit profits," said Troels Oerting, head of Europol's European Cybercrime Centre (EC3). "EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cybercrime units in five European countries and Microsoft."

Since ZeroAccess can disable the security features on users' computers, Microsoft suggests people visit its Virus Protection and Windows Security Support page for instructions on removing the sophisticated malware.
