ZeroAccess, one of the world’s largest for-hire botnets, has been disrupted in a joint operation between Europol’s European Cybercrime Centre (EC3) and the FBI, led by Microsoft.
ZeroAccess, also known as “Sirefef”, uses a network of two million home and office PCs infected with malware to perform specific tasks such as hijacking search results and stealing user details on a massive scale. It is also used by unscrupulous website owners to generate fraudulent clicks on advertisements, conning advertisers with useless clicks to the tune of £1.7 million per month.
Microsoft worked with the authorities to “block incoming and outgoing communication between computers located in the US and 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes”. Microsoft’s Digital Crimes Unit has also taken control of 49 domain names associated with the botnet.
By blocking these routes of communication, Microsoft and the authorities significantly hindered the workings of the botnet, although they have not managed to destroy it completely, as it was designed to be resilient to such efforts. It achieves this resilience by relying on waves of peer-to-peer communication between infected machines to carry out tasks, rather than using a centralised structure that could be decapitated.