December 9, 2013

Microsoft disrupts ZeroAccess botnet

FBI and EC3 also involved in operation to hinder one of the world's largest botnets.

By Ben Sullivan

ZeroAccess, a botnet which hijacks web search results and redirects users to dangerous sites, has been disrupted by Microsoft, the FBI and Europol’s European Cybercrime Centre (EC3).

ZeroAccess also generates fraudulent ad clicks on infected computers, then claims payouts from fooled advertisers. It is believed to have infected over two million computers.

The botnet targets search results on Google, Bing and Yahoo search engines and is estimated to cost online advertisers £1.7m per month.

Microsoft said it had been authorised by US regulators to "block incoming and outgoing communications between computers located in the US and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes".

The firm has also taken control of 49 domains associated with ZeroAccess.

"This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organisations and networks behind these dangerous botnets that use malicious software to gain illicit profits," said Troels Oerting, head of the EC3.

"EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cybercrime units in five European countries and Microsoft."

Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers.

Microsoft determined there were more than 800,000 ZeroAccess-infected computers active on the Internet on any given day this year.

"The coordinated action taken by our partners was instrumental in the disruption of ZeroAccess; these efforts will stop victims’ computers from being used for fraud and help us identify the computers that need to be cleaned of the infection," said David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit.

"Microsoft is committed to working collaboratively — with our customers, partners, academic experts and law enforcement — to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world."

Richard McFeely, FBI Executive Assistant Director, said: "If the hacker community has not yet taken notice, today’s disruption of the ZeroAccess botnet is another example of the power of public-private partnerships.

"It demonstrates our commitment to expand coordination with companies like Microsoft and our foreign law enforcement partners, in this case, Europol, to shut down malicious cyberattacks and hold cybercriminals accountable for exploiting our citizens’ and businesses’ computers."
